
API authorisation not working for some reason

Started by Craig Andrew Miles on Wednesday, August 31, 2022
Showing all 16 posts

The authorisation workflow requires a call to OAuth when there is no valid token available.

For my application, this has always looked like:

https://www.geni.com/platform/oauth/authorize?client_id=<client_...

for my dev environment dev.ancestors.net.au

This previously returned a response that looked like:

http://localhost:3000/profile_tree_geni_auth_response?code=<code...

e.g. back to the redirect_uri supplied

For the last 2 days this has no longer worked and instead the authorisation workflow is redirecting to:

https://www.geni.com/home

Can anyone please explain what is going on?

Thanks

Craig

You need to set the callback URL on the Geni site to match the redirect URL in your authorization request.

Thanks for the response Scott but I don't understand why this should suddenly have changed.

I would have thought that the point of providing the callback url in the request is so that you have control of this from the application - I have different callback points depending on the context.

This has always worked up to a couple of days ago.

Do you know anything about this, Mike Stangel?

We changed the callback behavior recently as a security measure to prevent open redirect vulnerabilities.

I think only the host part of the callback URL needs to match the host you provide in the redirect URL you provide.

Thanks Scott

So what happens if I call the API from 2 different hosts - a development host and a production host?

Was there any notification of this change to behaviour - if so I didn't see it?

You'll have to create an application for each host.

OK, thanks Private User

But this makes everything a lot more complicated and it would have been nice to have been told in advance!

OK, this has worked for my Production environment for app #536.

I created a new AppID #663 for my Dev environment as a kind of copy of the above but can't get it to work for my dev environment.

It appears that I don't know how to define the domains and callback URL

I have tried both
http://127.0.0.1
http://localhost

1) http://127.0.0.1

https://www.geni.com/platform/oauth/authorize?client_id=gYFEPoOpJem...

Gets the response:
Access Denied
Error 15
www.geni.com
2022-09-05 02:28:14 UTC
What happened?
This request was blocked by the security rules
Your IP: 159.196.12.7
Proxy IP: 107.154.128.111 (ID 10435-100)
Incident ID: 435002030083170219-446073873166971589

2) http://localhost

https://www.geni.com/platform/oauth/authorize?client_id=gYFEPoOpJem...

gets the response
http://127.0.0.1:43347/profile_tree_geni_auth_response?error=invali...

Also, assuming I will eventually get this to work could you please approve this application #663 so that I can make use of the higher rate limit Private User

I've approved app #663.

Thanks for approving the app Private User

But I still don't understand why my API requests from my dev environment are rejected

When I do

<<<
https://www.geni.com/platform/oauth/authorize?client_id=iHX8y050CGo...
>>>

I get a response with a code

I then successfully get an access token with the code returned as:

<<<
https://www.geni.com/platform/oauth/request_token?client_id=iHX8y05...
>>>

All good so far. But when I then do:

<<<
https://www.geni.com/api/profile-34720911920/immediate-family?acces...
>>>

I get the response

<<<
http_version: '1.1'
code: '401'
message: Unauthorized
...
body: '{"message":"You must be logged in or have an access token in order to call
this API"}'
>>>

But if I use the same URL from the browser bar I get a valid response.

So the access_token is being rejected when I call the endpoint via the API programmatically but not from the browser?

This is very frustrating that I can't use the API from my localhost now!

Thanks in advance

Craig

According to our logs you made several calls to that URL. Some with the access token and some without. The ones with the access token succeeded. The ones without the access token returned 401 - as expected.

OK, thanks Private User.

I must be missing something then. I had to rejig the code to cater for the different key/secret pairs so will recheck.

Thanks for your help.

Finally sorted it, my end ultimately. Thanks for your help Private User

FYI I needed to set the domain in the Geni application configuration to http://127.0.0.1

http://localhost didn't seem to work as the requests end up with the former.

Cheers

Private User
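The host-only redirect_uri check Scott describes (the callback registered for the app must match the host in the authorization request, which is why 127.0.0.1 and localhost behave as two different hosts and why each host needs its own app) can be written out as follows. This is an added illustration, not Geni's code; the registry, the app-to-callback mapping and the production hostname are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed registry modelled on the thread: one Geni app per host.
# App 663 is Craig's dev app with the domain set to http://127.0.0.1;
# the production callback host is a hypothetical placeholder.
REGISTERED_CALLBACKS = {
    536: "https://prod.example/profile_tree_geni_auth_response",
    663: "http://127.0.0.1",
}


def redirect_uri_allowed(client_id: int, redirect_uri: str) -> bool:
    """Accept redirect_uri only if its scheme and host equal the callback
    registered for this client_id.

    Honouring an arbitrary redirect_uri would let the authorization server
    send the code to any host the request names (an open redirect), which is
    the risk the callback change in the thread closes. Only the host is
    compared, as Scott states, so a dev server on a random port
    (127.0.0.1:43347) still passes; 'localhost' is a different hostname
    from '127.0.0.1' and does not match, which is what Craig observed.
    """
    registered = REGISTERED_CALLBACKS.get(client_id)
    if registered is None:
        return False
    want = urlsplit(registered)
    got = urlsplit(redirect_uri)
    if not got.hostname or not want.hostname:
        return False
    if got.scheme.lower() != want.scheme.lower():
        return False
    return got.hostname.lower() == want.hostname.lower()


if __name__ == "__main__":
    # Craig's dev callback with a varying port is accepted for app 663 ...
    print(redirect_uri_allowed(663, "http://127.0.0.1:43347/profile_tree_geni_auth_response"))
    # ... while the localhost form he tried first is not.
    print(redirect_uri_allowed(663, "http://localhost:3000/profile_tree_geni_auth_response"))
```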

My app has separate Dev and Test environments and so I discovered that I need a separate corresponding Geni app for each as the hostnames appear differently.

Could you please therefore approve App #664 also. Thanks.

Done!

Thanks Private User
