EscolaLMS / API

Laravel REST API. Main module that composes all Laravel packages
Apache License 2.0

401 Unauthorized Error #325

Closed M-Dominguez closed 7 months ago

M-Dominguez commented 7 months ago

I am using the api-staging.escolalms.com documentation to test the api calls. I am able to receive data from the /api/config. But as soon as I try something that requires authorization, I get an error.

I ran docker compose exec escola_lms_app bash -c "php artisan passport:install" (since I am using Docker) and got this in response:

Encryption keys already exist. Use the --force option to overwrite them.
Personal access client created successfully.
Client ID: 9b987534-8422-4a86-881a-0e0a505faef8
Client secret: QBIPu9qdBdKGG4u7rJRYwpyuY1FRISo3PRjjxgTp
Password grant client created successfully.
Client ID: 9b987534-8690-4f9e-a2d4-45a7e6ca52d4
Client secret: HnX4XfRkCc7ILRl8iWrxrLKjaCedAmrXv41rhhxr

I am not sure what to do with these values. Here is my curl that I have been using too (without the auth):

curl "http://localhost:1001/api/admin/settings" ^
  -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7" ^
  -H "Accept-Language: en-US,en;q=0.9" ^
  -H "Connection: keep-alive" ^
  -H ^"Cookie: adminer_key=4e283dcdb4fbb46cb33d8566f45c5cfa; adminer_version=4.8.1; adminer_sid=m6j5ced29ho7q353uqqac5jdpj; adminer_permanent=cGdzcWw^%^3D-cG9zdGdyZXM6NTQzMg^%^3D^%^3D-ZGVmYXVsdA^%^3D^%^3D-ZGVmYXVsdA^%^3D^%^3D^%^3AA5qE2cDeETB0KX53^" ^
  -H "Sec-Fetch-Dest: document" ^
  -H "Sec-Fetch-Mode: navigate" ^
  -H "Sec-Fetch-Site: none" ^
  -H "Sec-Fetch-User: ?1" ^
  -H "Upgrade-Insecure-Requests: 1" ^
  -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36" ^
  -H ^"sec-ch-ua: ^\^"Chromium^\^";v=^\^"122^\^", ^\^"Not(A:Brand^\^";v=^\^"24^\^", ^\^"Google Chrome^\^";v=^\^"122^\^"^" ^
  -H "sec-ch-ua-mobile: ?0" ^
  -H ^"sec-ch-ua-platform: ^\^"Windows^\^"^"

If this is not where I should post this question, please direct me to the proper place. And thank you for your help!

M-Dominguez commented 7 months ago

I am using Insomnia, an application to test APIs. It seems that OAuth 2 is the authentication that Passport is using. OAuth 2 needs an Access Token URL, Client ID, and Client Secret.

I have the Client ID and Client Secret. But what would the Access Token URL be?

Here is a snapshot: image

M-Dominguez commented 7 months ago

I actually resolved this by "logging in": http://localhost:1001/api/auth/login?email=admin%40escolalms.com&password=secret then grabbing the Bearer Token.

Everything was working after that.

Here is the curl (with the Auth) for api/admin/settings:

curl --request GET \
  --url http://localhost:1001/api/admin/settings \
  --header 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7' \
  --header 'Accept-Language: en-US,en;q=0.9' \
  --header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiI5Yjk4Nzk5ZS0yZWJmLTQwYTQtYTFkMC1hNDA5M2NiYWEzMTMiLCJqdGkiOiIxNDFlMTI3NDBlNDg1M2JlYzRmYmIzZTRmYTcyYTYwZmQ5Njc0NWYzODMwZDkxNDQ3NGE4ZjEyOGZlNmE0MzdlYThiYzk1ZTBkMzI5YjdkZSIsImlhdCI6MTcxMDg1ODI2Mi44NDIyMTQsIm5iZiI6MTcxMDg1ODI2Mi44NDIyMTYsImV4cCI6MTcxMDg1ODU2Mi44Mzg5OTIsInN1YiI6IjIiLCJzY29wZXMiOltdfQ.HDPqNDoYHoNrFMexLPzURJVsP0L9vxtMiNOt5saJyax-uV44wZofwOgMCU2tfHMOOILtwsrlMsXgzgd_OihXFBZqFju34nL6VFxBmEVOtNhBKu2AQXoRQE0uWYHBmg9C4DwQ94AYK6CoxqTge_j2unTspBq-myg51rUK6y2xT35C1umfshKlnZqp1lDK2F5aE9hwWMmePZrE-8NQTIWuaQ2Klm4RRUYcF4c70H2V6s0c_EzZtLtvxzpkbRP_9g-WKWfbpW0K0CfaB6UNVecJIivz4utviKtk5U4tMSSh1J57zdO0vpA05WHajWtgFsv8aL21Re80iPTBtv-YUJnvV-Bo16d_iw1AvusO1BBy66r1poqRLUgGdO81vGnhqsPy_LW48iyNXAzhdUcULSYDc_7WA-G21fzjeKloBIAwSnh3YmxnspE-tnmN3TX4ztvhVWkrvpbyQD2114sBaED4nXyha0XvGbMfqdk6QZ1pLdFUDaUOVw4WGVtEhT6Z5-9EXUkJosMkvq2JYKLWJUcSub1BlHa2-saVc7Lm7dAl0B0gGt5In3cw8DMrxmd_8Rt8wEkWpqLdbAQ5vDrEW_DPAa4B_AWgga6A6sos8pD2Wcf1Gn82ltFkHI6dsXJV61IgzdxZgKGtF-OVEMMU5fLzhEVb3VCxXnK8a3jRjjPLMxE' \
  --header 'Connection: keep-alive' \
  --header 'Sec-Fetch-Dest: document' \
  --header 'Sec-Fetch-Mode: navigate' \
  --header 'Sec-Fetch-Site: none' \
  --header 'Sec-Fetch-User: ?1' \
  --header 'Upgrade-Insecure-Requests: 1' \
  --header 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36' \
  --header 'Cookie: adminer_key=4e283dcdb4fbb46cb33d8566f45c5cfa; adminer_version=4.8.1; adminer_sid=m6j5ced29ho7q353uqqac5jdpj; adminer_permanent=cGdzcWw%3D-cG9zdGdyZXM6NTQzMg%3D%3D-ZGVmYXVsdA%3D%3D-ZGVmYXVsdA%3D%3D%3AA5qE2cDeETB0KX53' \
  --header 'sec-ch-ua: "Chromium";v="122", "Not(A:Brand";v="24", "Google Chrome";v="122"' \
  --header 'sec-ch-ua-platform: "Windows"' \
  --header 'sec-ch-ua-mobile: ?0'
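
Added example (not part of the thread or of the EscolaLMS code): a Python helper that reads a bearer token's claims without verifying the signature, for diagnostics only, and names the likely client-side reason for a 401. The function names are hypothetical and the sample token is constructed: its iat/nbf/exp values are the ones in the payload of the token posted above, which is valid for about 300 seconds, and aud/jti are placeholders.

```python
import base64
import json
import time


def b64url_decode(segment):
    # JWT segments are base64url with the padding stripped; restore it first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def read_claims(token):
    """Decode the payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def diagnose(authorization, now=None):
    """Return the most likely client-side reason a request would get a 401."""
    now = time.time() if now is None else now
    if not authorization:
        return "missing Authorization header"
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return "Authorization header is not 'Bearer <token>'"
    try:
        claims = read_claims(token.strip())
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        return f"malformed token: {exc}"
    if "nbf" in claims and now < claims["nbf"]:
        return "token not valid yet (check clock skew)"
    if "exp" in claims and now >= claims["exp"]:
        return f"token expired {now - claims['exp']:.0f}s ago; log in again"
    return "token is within its validity window"


# Constructed sample: iat/nbf/exp as in the token posted above; rest are placeholders.
SAMPLE_CLAIMS = {"aud": "placeholder", "jti": "placeholder", "sub": "2", "scopes": [],
                 "iat": 1710858262.842214, "nbf": 1710858262.842216, "exp": 1710858562.838992}
SAMPLE_TOKEN = ".".join(b64url_encode(part) for part in (
    b'{"typ":"JWT","alg":"RS256"}', json.dumps(SAMPLE_CLAIMS).encode(), b"dummy"))
```

Call `diagnose("Bearer " + token)` with the value sent in the Authorization header; the server still decides validity by checking the signature, so this output only explains a rejection.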