nuxeo/nuxeo-js-client

Nuxeo api automation does not support OAUTH2 authentication

Closed this issue · 2 comments

raymond10 commented

Hi @troger , @kevinleturc

I try nuxeo-js-client with LTS2021 and I ca not login through OAUTH2 token.
I always get http 401 statut.

curl -H "Authorization:Bearer 012453xxgqzl45" -X POST https://localhost:8080/nuxeo/api/v1/automation/login

Response :

<!doctype html><html lang="en"><head><title>HTTP Status 401 ? Unauthorized</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 401 ? Unauthorized</h1></body></html>%

The thing is why after using oauth2.fetchAccessTokenFromJWTToken and connected (function connect() ) with have to connect to the cmis and the automation?
Look at here :

nuxeo-js-client/lib/nuxeo.js

Line 95 in f9a786c

finalOptions.url = join(this._automationURL, 'login');

When I try Basic AUTH, the are no problem, but the thing is, I'm connecting to nuxeo-js-client through OAUTH2 token.

On my server side I have my auth.xml set like :

...
<specificAuthenticationChain name="RestAPI">
                        <urlPatterns>
                                <url>(.*)/api/v.*</url>
                        </urlPatterns>
                        <replacementChain>
                                <plugin>AUTOMATION_BASIC_AUTH</plugin>
                                <plugin>BASIC_AUTH</plugin>
                                <plugin>PORTAL_AUTH</plugin>
                                <plugin>TOKEN_AUTH</plugin>
                                <plugin>OAUTH2_AUTH</plugin>
                                <plugin>JWT_AUTH</plugin>
                                <!-- <plugin>ANONYMOUS_AUTH</plugin> -->
                        </replacementChain>
                </specificAuthenticationChain>

                <specificAuthenticationChain name="ATOM_CMIS">
                        <urlPatterns>
                                <url>(.*)/atom/cmis(/.*)?</url>
                                <url>(.*)/atom/cmis10(/.*)?</url>
                        </urlPatterns>
                        <replacementChain>
                                <plugin>BASIC_AUTH</plugin>
                                <plugin>PORTAL_AUTH</plugin>
                                <plugin>TOKEN_AUTH</plugin>
                        </replacementChain>
                </specificAuthenticationChain>

                <specificAuthenticationChain name="JSON_CMIS">
                        <urlPatterns>
                          <url>(.*)/json/cmis(/.*)?</url>
                        </urlPatterns>
                        <replacementChain>
                                <plugin>BASIC_AUTH</plugin>
                                <plugin>PORTAL_AUTH</plugin>
                                <plugin>TOKEN_AUTH</plugin>
                        </replacementChain>
                  </specificAuthenticationChain>

                <specificAuthenticationChain name="TokenAuth">
                        <headers>
                          <header name="X-Authentication-Token">.*</header>
                        </headers>
                        <replacementChain>
                                <plugin>TOKEN_AUTH</plugin>
                                <plugin>AUTOMATION_BASIC_AUTH</plugin>
                        </replacementChain>
                  </specificAuthenticationChain>
...

Thanks for your help

troger commented

Hello,

Add <plugin>OAUTH2_AUTH</plugin> to your specificAuthenticationChain name=JSON_CMIS. You should probably do the same for the specificAuthenticationChain name=Automation if you have defined one.

The JS client currently use the cmis endpoint to retrieve the Nuxeo version.

raymond10 commented

Hello,
Thanks for your reply.
I did it and it works fine.