What are the Slack Archives?

It’s a history of our time together in the Slack Community! There’s a ton of knowledge in here, so feel free to search through the archives for a possible answer to your question.

Because this space is not active, you won’t be able to create a new post or comment here. If you have a question or want to start a discussion about something, head over to our categories and pick one to post in! You can always refer back to a post from Slack Archives if needed; just copy the link to use it as a reference..

Hey I have some trouble getting the authentication token für the glue rest api. I have createt a age

U01DWAYA6BC
U01DWAYA6BC Posts: 16 🧑🏻‍🚀 - Cadet
edited November 2021 in Help

Hey I have some trouble getting the authentication token für the glue rest api.
I have createt a agent user with admin rights, and I can login with this user via the backend (zed).
Then i try the following:
POST Request against glue api endpoint /agent-access-tokens
Request Body is
{
"data": {
"type": "agent-access-tokens",
"attributes": {
"username": "_{{admin_username}}_",
"password": "_{{admin_password}}_"
}
}
}

As resonse I get 401
{"errors":[{"code":"4101","status":401,"detail":"Failed to authenticate an agent."}]}
After some searching in the code, I found out that the error core 4101 means “invalid credentials”.
Is there any way to get deeper in the analysis, why this happens?

Comments

  • Eugenia Poidenko
    Eugenia Poidenko Sprykee Posts: 145 🧑🏻‍🚀 - Cadet

    Hello Hermann.

    The error can mean that the glue oauth client and secret are out of sync between your env in docker and DB.

    to proof that this is the case, check if you can get the usual customer’s access token with /access-tokens . if you get the similar error, it would mean that resetting docker will help.

  • Eugenia Poidenko
    Eugenia Poidenko Sprykee Posts: 145 🧑🏻‍🚀 - Cadet

    this can happen when you docker/sdk boot without the full install.
    unfortunately this causes the oauth client and secret to get regenerated in the docker environment.
    And since this pair of value is being setup into DB in the Installer plugin, the DB will have the older value and your client validation will fail

  • Eugenia Poidenko
    Eugenia Poidenko Sprykee Posts: 145 🧑🏻‍🚀 - Cadet

    if you are debugging the core code, the error will happen here \Spryker\Zed\Oauth\Business\Model\League\Repositories\ClientRepository::validateClient()

  • U01DWAYA6BC
    U01DWAYA6BC Posts: 16 🧑🏻‍🚀 - Cadet

    ok, with the customers access token I have the same issue

  • U01DWAYA6BC
    U01DWAYA6BC Posts: 16 🧑🏻‍🚀 - Cadet

    but the code is “003”

  • U01DWAYA6BC
    U01DWAYA6BC Posts: 16 🧑🏻‍🚀 - Cadet

    Hi @UQKSAARKN thank you very much for the hint, this was the issue.
    For anyone, this is how i tested it and solved it:
    Getting the value of SPRYKER_OAUTH_CLIENT_SECRET from docker/deployment/default/env/glue_eu.env (or how the corresponding env file is named in your environment.
    Then getting the hash from the table spy_oauth_client from the column secret.
    Comparing each other with php function password_verify('secret', 'hash').
    In my case it was false, so I could be sure that this was the issue.
    Next I took the secret from the env file and created a hash
    with php function password_hash('secret', PASSWORD_BCRYPT) and saved this value to the secret column in the spy_oauth_client table.
    This will resolve the mentioned issue, but to be sure that no other things are not in sync, I would also recommend to do the docker reset as @UQKSAARKN mentioned.

  • U02P7B6K2LC
    U02P7B6K2LC Posts: 121 🧑🏻‍🚀 - Cadet

    @U01DWAYA6BC & @UQKSAARKN... wow.... thank you so much for this solution. This fixed my auth errors perfectly. 👍👍

Categories