search

mattbrailsford / umbraco-authu

An Umbraco plugin to add an OAuth API endpoint to allow authenticated Members/Users via OAuth
MIT License
71 stars 22 forks source link

Does this work? #51

Closed ulfmollerstrom closed 4 years ago

ulfmollerstrom commented 4 years ago

I'm possibly the most stupid person on the planet - but does this work at all?

Following the read-me and calling from Postman, there are no 401 after "tagging" the controller. At startup, it hits a breakpoint in AuthUConfigComponent.Initialize().

    [OAuth]
    public class TestForLocalTestDocTypeController : UmbracoApiController
    {
        [HttpGet]
        [Authorize]
        public JsonResult GetFoo()
        {

namespace XXXXXXApp.WebApi.Common
{
    public class AuthUConfigComponent : IComponent
    {
        public void Initialize()
        {
            var secret = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; 
            var key = Convert.ToBase64String(Encoding.UTF8.GetBytes(secret));

            // Configuration goes here
            OAuth.ConfigureEndpoint("/oauth/token", new OAuthOptions {
                UserService = new UmbracoMembersOAuthUserService(),
                SymmetricKey = key,
                AccessTokenLifeTime = 20, // Minutes
                AllowInsecureHttp = Environment.UserInteractive
            });
        }

        public void Terminate()
        {
        }
    }
}

http://localhost:5898/umbraco/api/TestForLocalTestDocType/getfoo

Are there any other things to be done? Umbraco version: 8.6.2

I apologize if it's not appropriate asking here!

/Ulf

tobbbe commented 4 years ago

that looks correct :) 401 means that the request was unauthorized.

To authorize the request you need to do a login and use the access_token

ulfmollerstrom commented 4 years ago

that looks correct :) 401 means that the request was unauthorized.

To authorize the request you need to do a login and use the access_token

Hi! Sorry, I was unclear: I don't get a 401, the controller returns data as before.

mattbrailsford commented 4 years ago

At a guess, I would say check which version of the OAuth attribute you are using as there are two versions. One for API controllers and one for regular MVC controllers. For your API controller you'll need to be using the one in the Our.Umbraco.AuthU.Web.WebApi namespace.

ulfmollerstrom commented 4 years ago

At a guess, I would say check which version of the OAuth attribute you are using as there are two versions. One for API controllers and one for regular MVC controllers. For your API controller you'll need to be using the one in the Our.Umbraco.AuthU.Web.WebApi namespace.

Hi! Tried both... :\ Is there any "activation"/settings in Umbraco necessary?

mattbrailsford commented 4 years ago

Dumb question, but have you hooked up your AuthUConfigComponent via a composer? I can't see a composer in your code sample as documented here https://github.com/mattbrailsford/umbraco-authu#configuration

ulfmollerstrom commented 4 years ago

@mattbrailsford it's in a separate file, but that's possibly wrong namespace XXXXXApp.WebApi.Common { public class AuthUConfigComposer : ComponentComposer<AuthUConfigComponent> { } }

mattbrailsford commented 4 years ago

Then I'd also check you are using the correct Authorize attribute as I believe this has the same issue, there there are two variants of it for API controllers and MVC controllers.

ulfmollerstrom commented 4 years ago

THANK YOU SIR!

{
    "Message": "Authorization has been denied for this request."
}