wallabag / android-app

Android application to read your articles saved in your wallabag. You can also easily add new articles.
https://www.wallabag.org
GNU General Public License v3.0

Connection Test fails with Basic Auth with 2.0.1 #632

Open grote opened 7 years ago

grote commented 7 years ago

I am using Basic Auth to protect my wallabag 2.2.3 installation. This was and is working fine with the 1.12.2 app. However, with 2.0.1 the connection test is failing.

I entered the proper connection settings and Autofill is working. The client registers, gets a secret (that matches with what the webclient shows). Still, after navigating to the main screen, the proposed connection test fails.

It says: API access test failed Unknown error: AuthorizationException: HTTP response: 401 Unauthorized

On the server, I see this log:

"GET / HTTP/1.1" 302 4616 "-" "okhttp/3.8.1"
"GET /login HTTP/1.1" 200 1546 "-" "okhttp/3.8.1"
"POST /login_check HTTP/1.1" 302 832 "-" "okhttp/3.8.1"
"GET / HTTP/1.1" 200 6837 "-" "okhttp/3.8.1"
"GET / HTTP/1.1" 200 6837 "-" "okhttp/3.8.1"
[auth_basic:error] [pid 4526] [client 189.4.72.29:9498] AH01614: client used wrong authentication scheme: /api/version.json
"GET /api/version.json HTTP/1.1" 401 4543 "-" "okhttp/3.8.1"
"POST /oauth/v2/token HTTP/1.1" 401 684 "-" "okhttp/3.8.1"

Looks like one of those requests is made without basic auth. If that is the problem, it should be an easy fix.

di72nn commented 7 years ago

The API uses HTTP Auth by itself (OAuth2 bearer token). As far as I know, you can't combine HTTP Auth methods.

grote commented 7 years ago

> The API uses HTTP Auth by itself

So did you move to a new API between 1.12.2 and 2.0.1? If so, HTTP Basic Auth would not be supported anymore with the new API, right? If that's the case, why can I still enter credentials for HTTP Basic Auth in the app?

di72nn commented 7 years ago

1.* versions were not using the API at all: they were doing regular HTTP requests to wallabag web pages in order to do client -> server sync. And the articles were loaded via RSS feeds (that's the legacy of server v1.*).

v2 completely moved to the REST API (with the exception of initial setup, which is not technically necessary).

I had the impression that the new API is not compatible with HTTP Basic Auth, but I'm not sure anymore (see suggestion below). If I remember correctly, the HTTP Auth credentials that you can enter in the advanced settings are used to perform the "Autofill" action (not via API).

Quick searching suggests that you may try to add HTTP Basic Auth credentials as part of the URL. Please report if this works. If it doesn't work, you may consider disabling HTTP Basic Auth for /oauth/ and /api/ paths.

grote commented 7 years ago

> Quick searching suggests that you may try to add HTTP Basic Auth credentials as part of the URL.

I tried this and it doesn't work, maybe because of special characters in my password.

> If it doesn't work, you may consider disabling HTTP Basic Auth for /oauth/ and /api/ paths.

That also didn't work, but it might be because the app is still trying basic auth if it is configured. Could that be the case?

If I remove the basic auth parameters, the connection test itself fails even earlier, because this is still required for non /oauth/ and /api/ paths.

di72nn commented 7 years ago

> I tried this and it doesn't work, maybe because of special characters in my password.

Maybe you should try a simpler password (at least to test it).

> That also didn't work, but it might be because the app is still trying basic auth if it is configured. Could that be the case?

HTTP Basic Auth parameters are not used for the API at all. Do you get the same error? Have you checked that Basic Auth is actually disabled for these paths?

borg1622 commented 6 years ago

@di72nn :
I ran into the same issue. Including credentials in the URL doesn't fix that.

di72nn commented 6 years ago

You probably need to disable HTTP Basic Auth for /oauth/ and /api/ paths then.
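
One way to express the exemption suggested in this thread, as an added example that is not from the wallabag project or from any commenter. It assumes Apache 2.4 (the AH01614 message in the log above comes from mod_auth_basic) with wallabag served at the site root; the realm name and the AuthUserFile path are placeholders.

```apache
# Added example. Assumptions: Apache 2.4, wallabag at the site root;
# the realm name and AuthUserFile path are placeholders.

# Blanket Basic Auth, as in the reported setup. mod_auth_basic accepts only
# "Authorization: Basic ...", so an API request that carries
# "Authorization: Bearer <token>" is answered with 401 and logged as AH01614
# ("client used wrong authentication scheme") before wallabag sees it.
<Location "/">
    AuthType Basic
    AuthName "wallabag"
    AuthUserFile "/path/to/htpasswd"
    Require valid-user
</Location>

# Exemption for the two path prefixes the app reaches with OAuth2.
# Keep this block after the one above: Location and LocationMatch sections
# are merged in configuration order, so the later section takes effect.
<LocationMatch "^/(api|oauth)/">
    AuthType None
    Require all granted
</LocationMatch>
```

With this exemption, `/api/` and `/oauth/` are reachable without the Basic Auth layer and are protected only by wallabag's own OAuth2 client credentials and bearer tokens. A 401 on those paths that arrives without a matching `auth_basic` line in the error log then comes from wallabag rather than from Apache.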