After correctly configuring both Keyrock and pep-proxy, and registering the application, users, permissions, etc., I performed the normal steps of obtaining the OAuth2 token and then using it to make queries to the Context Broker.
However, although it received a positive authorization from the Keyrock, it got a negative decision from the fiware-pep-proxy.
Analyzing the problem in the keyrock log I got the following:
```
GET /user?access_token=b7d76f3bd48fdb9aa66679e77ddc8af26084cac2&app_id=2f3389f7-4893-4874-9825-bf816ff37329&action=GET&resource=/ngsi-ld/v1/entities/ 201 26,373 ms - 386.
```
However, from the pep-proxy side I received a:
```
User access-token not authorized
urn:dx:as:InvalidRole
```
It seems that the failure is in dealing with a decision by the Keyrock with an empty body.
Line 60 of the lib/access_functions.js file:
```javascript
exports.adjudicate = function (req, res, decision) {
  console.log("Decision: " + decision);
  if (decision) { //<--- Here would be the problem
    permit(req, res);
  } else {
    deny(res, 'User access-token not authorized', 'urn:dx:as:InvalidRole');
  }
};
```
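An added example, not code from pep-proxy or Keyrock: it contrasts a bare truthiness test like the one in `adjudicate` with a parser that fails closed and records why. The helper names and the `authorization_decision` field with value `"Permit"` are assumptions about the IdM reply, and the sample bodies are constructed.

```javascript
'use strict';

// Hypothetical helper: turn the raw IdM reply into an explicit verdict.
// Assumption: the body is JSON with an "authorization_decision" field that
// equals "Permit" when access is granted. Anything else is denied, with a
// reason a log reader can tell apart from a genuine policy denial.
function interpretDecision(statusCode, rawBody) {
  if (statusCode < 200 || statusCode >= 300) {
    return { permit: false, reason: 'idm_http_' + statusCode };
  }
  if (rawBody === undefined || rawBody === null || String(rawBody).trim() === '') {
    return { permit: false, reason: 'empty_body' };
  }
  let parsed;
  try {
    parsed = typeof rawBody === 'string' ? JSON.parse(rawBody) : rawBody;
  } catch (err) {
    return { permit: false, reason: 'unparseable_body' };
  }
  if (parsed === null || typeof parsed !== 'object') {
    return { permit: false, reason: 'unparseable_body' };
  }
  const decision = parsed.authorization_decision;
  if (decision === undefined || decision === '') {
    return { permit: false, reason: 'decision_missing' };
  }
  // Exact comparison: only the expected literal grants access.
  return decision === 'Permit'
    ? { permit: true, reason: 'permit' }
    : { permit: false, reason: 'explicit_deny' };
}

// The bare truthiness test, isolated for comparison.
function truthinessCheck(decision) {
  return decision ? true : false;
}

// Constructed sample replies (not captured from a real deployment).
const samples = [
  [201, '{"authorization_decision":"Permit"}'],
  [201, '{"authorization_decision":"Deny"}'],
  [201, '{"id":"alice"}'],
  [201, ''],
  [401, '{"message":"invalid token"}'],
];
for (const [status, body] of samples) {
  console.log(status, JSON.stringify(body), interpretDecision(status, body));
}
```

A truthiness test cannot separate an empty decision from a denial, and it would also treat any non-empty string, including `"Deny"`, as a permit.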