nodeSolidServer/solid-auth-client

Can't access private resource

pheyvaer opened this issue · 3 comments

I'm logged in as https://pheyvaer.inrupt.net/profile/card#me. I have access to https://pheyvaer.inrupt.net/private/data.txt when I open the link in the browser. However, when executing the following code I get an HTML response stating that I don't have access (see below):

<script src="https://solid.github.io/solid-auth-client/dist/solid-auth-client.bundle.js"></script>
<script>
  solid.auth.trackSession(async session => {
    if (!session) {
      console.log('The user is not logged in');
    } else {
      console.log(`The user is ${session.webId}`);
      const response = await solid.auth.fetch('https://pheyvaer.inrupt.net/private/data.txt');
      console.log(await response.text());
    }
  });
</script>

The response is

<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>No permission</title>
  <link rel="stylesheet" href="/common/css/bootstrap.min.css">
  <link rel="stylesheet" href="/common/css/solid.css">
</head>
<body>
<div class="container">
  <div class="page-header">
    <h1>No permission to access this resource</h1>
  </div>
  <div class="alert alert-danger">
    <p>
      You are currently logged in as <code>https://pheyvaer.inrupt.net/profile/card#me</code>,
      but do not have permission to access <code>https://pheyvaer.inrupt.net/private/data.txt</code>.
    </p>
    <p>
      <button id="logout" type="button" class="btn btn-danger">Log out</button>
    </p>
  </div>
</div>
</div>
<script src="/common/js/solid-auth-client.bundle.js"></script>
<script src="/common/js/auth-buttons.js"></script>
</body>
</html>

So I'm logged in, but I don't have access, while I should have.

Could you copy the curl for the request that returns the "no permission found" page?

You can follow these instructions to do so: https://ec.haxx.se/usingcurl-copyas.html

curl 'https://pheyvaer.inrupt.net/private/data.txt' -H 'Connection: keep-alive' -H 'Pragma: no-cache' -H 'Cache-Control: no-cache' -H 'authorization: Bearer eyJhbGciOiJSUzI1NiJ9.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.Rr8uKUxn8lMbdr92tbZYO_KCyTg0Gy6duTt96_-Tc0d1GVhTX0UEk7wmJUN4zp-8Xub5SHhQENw9dmI11__bBi-vK1pc4wXfQqy8UhTYnEbejhF0t0WlHDSz2JcDFbJSJ08RX0rwPIFFsnr6IM7Df0hOCHj6xTGHJLGVrwINLe7M_g6FhTbOPMv9zfAoMvI0E_xI3NS80chfmpfRr04qhle8FF3vC-1IuchXZESwOOM-_caVU4xp-J71zdUuLhwahWZ5GnSELfKyDtOOzK0DLFqDDVhr0MeB8rQ79ZkWQVzu65fAvy-EkZAQa3iIM6io7yxcwNVGcewB_j5WPSetWQ' -H 'Origin: http://localhost:8080' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36' -H 'Accept: */*' -H 'Sec-Fetch-Site: cross-site' -H 'Sec-Fetch-Mode: cors' -H 'Referer: http://localhost:8080/bug' -H 'Accept-Encoding: gzip, deflate, br' -H 'Accept-Language: en-US,en;q=0.9' -H 'Cookie: nssidp.sid=s%3AzxnnHfuwjW2a83MJUkBvvO-OBaox9MDD.ofF1t32DGikokCOc5L7Y85TKw735HRQwGwF%2FmkD1MNg' --compressed

Ah, you haven't added your app to your trusted apps.

Log into your pod and go to your root folder. Then go to the preferences tab. You can add your origin there.

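A simplified model of the check the last comment refers to, as an added example (not code from solid-auth-client or from the pod server): the request succeeds only if the WebID holds the requested mode and, when it carries a third-party `Origin` header, that origin is listed as a trusted app. The function name, field names, mode strings and policy shape are assumptions made for illustration; the WebID and origins are the ones quoted in this issue.

```javascript
// Simplified model (assumption, not the server's code): access needs BOTH an
// authorised WebID and, for cross-origin requests, a trusted app origin.
function checkAccess(request, policy) {
  const { webId, origin, mode } = request;

  // 1. The logged-in agent must hold the requested mode on the resource.
  const agentModes = policy.agents[webId] || [];
  if (!agentModes.includes(mode)) {
    return { allowed: false, reason: 'agent-not-authorised' };
  }

  // 2. Opening the link directly sends no Origin header, and the pod's own
  //    pages are same-origin, so only the agent check applies.
  if (!origin || origin === policy.podOrigin) {
    return { allowed: true, reason: 'no-third-party-origin' };
  }

  // 3. A third-party app acts on the user's behalf, so its origin must be
  //    listed as trusted with the requested mode.
  const app = policy.trustedApps.find(a => a.origin === origin);
  if (app && app.modes.includes(mode)) {
    return { allowed: true, reason: 'trusted-app' };
  }
  return { allowed: false, reason: 'origin-not-trusted' };
}

// Constructed sample policy using the identifiers quoted in this issue.
const WEB_ID = 'https://pheyvaer.inrupt.net/profile/card#me';
const APP_ORIGIN = 'http://localhost:8080';
const policy = {
  podOrigin: 'https://pheyvaer.inrupt.net',
  agents: { [WEB_ID]: ['Read', 'Write'] },
  trustedApps: [] // state of the pod when the issue was opened
};

// Same user and resource, three situations:
const fromBrowser = checkAccess({ webId: WEB_ID, mode: 'Read' }, policy);
const fromApp = checkAccess({ webId: WEB_ID, origin: APP_ORIGIN, mode: 'Read' }, policy);

// After the origin is added under the pod's preferences with Read only.
const fixedPolicy = { ...policy, trustedApps: [{ origin: APP_ORIGIN, modes: ['Read'] }] };
const afterTrust = checkAccess({ webId: WEB_ID, origin: APP_ORIGIN, mode: 'Read' }, fixedPolicy);
const writeAttempt = checkAccess({ webId: WEB_ID, origin: APP_ORIGIN, mode: 'Write' }, fixedPolicy);

console.log({ fromBrowser, fromApp, afterTrust, writeAttempt });
```

Granting the app origin only the modes it needs keeps a compromised or buggy app from writing to the pod even though the user could.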