
Auth problem for PROJECT calls specifically

Started by Shmuel-Aharon Kam (Kahn / שמואל-אהרן קם (קאן on Wednesday, January 29, 2025

Showing all 17 posts

I'm writing a script in PHP. So far it makes API calls to the Profile object, and works nicely. BUT when I try to make /Project calls they fail with a "HTTP/1.1 401 Unauthorized" error! In order to try and isolate the problem I did the following:
1. Verified that I CAN make these calls via the Geni API Explorer. Yes.
2. Hard-coded this same call into the code. It FAILS.
3. Copy-pasted an API /Profile call into the same spot. It WORKS.

Therefore I presume that the problem is with /Project calls with the app.

Any ideas what's going on here?

Hi Shmuel,

What application ID are you using? Can you tell me roughly when you got the 401 error?

The app ID is 1832.
I can produce the error on demand, so I just did NOW.

If you're already looking at the logs, could you please tell me what's wrong with my POST call, as described here. It's giving me a "500 Internal Server Error" error!

https://www.geni.com/discussions/288051

Shmuel-Aharon Kam (Kahn / שמואל-אהרן קם (קאן you're passing the client_secret directly to your API call, but it should be an OAuth request token instead. Refer to the "Application Authorization" section at https://www.geni.com/platform/developer/help/oauth_server_side?version=1 to get an authorization token that's specific to the Geni user authorizing the app, and then pass that access_token with your request to fetch the project details.

I'm not seeing the 500 in our logs but I may still be able to track it down through the load balancer. I'll let you know.

Haha. I wrote a long comment and it was rejected as a security risk. I presume because I posted some source code.

Bottom line. The client-secret is only accessed in the initial auth-request call. Having the oauth token, I put it in the header for the call. This is all done through a wrapper, which receives a URL, and parameters. So the exact same code runs regardless of which API is being called (with POST calls being the exception). /Profile calls work very nicely. /Project calls go boom.

Mike - tested this in the Geni API Explorer - no errors, but no update: www.geni.com/media/proxy?media_id=6000000214707006822&size=large

Bjorn, I have used the API Explorer to successfully update About-Me fields. So I KNOW it works as advertised.

It works if you only update about_me - but not multiple about_mes as I try here

Mike Stangel, any luck finding the issue?

HTTP request failed! HTTP/1.1 401 Unauthorized

NOW

Shmuel-Aharon Kam (Kahn / שמואל-אהרן קם (קאן Can I ask you to repeat the test you posted 2 days ago? We had to add some extra logging to try to capture what went wrong. (It appears to be a problem with the authorization token you passed, but I can't say for sure until we get better logging)

Just now. KABOOM.

It appears we are having a problem with grant_type=client_credentials

If it's possible for you to use the Server Side Flow for now (grant_type=authorization_code), that might work around the problem while we figure out how to fix this.

Okay I think we've worked out the problem with grant_type=client_credentials -- try again and let me know?

It seems to be working. THANKS.

Great!
