OAuth token api status: 403 access denied.. urgent please!

Hi, we’ve been using DHIS2 2.6 in development phase (without updating instance for the 2-3 months). Upon deployment updated to the newest release and having some headache with 403 access denied response when trying to acquire token. At first I thought it was our server setup, but it seems even dhis2.play.org/dev/uaa/oauth/token is giving the same response, curl or postman.

A couple of things to note: There is a correct response when client id and or secret are missing or are incorrect. But if they are correct we always getting 403 access denied, even if grant_type, password and or username are missing (the body get’s completely ignored).

I can provide you server setup details, but it seems the problem is evident @ dhis2.play.org/dev/

Older dhis.war we have works fine btw. If I was to have a stab in the dark, I would aim for springframework.

By the way api works fine with basic auth, can even POST, PATCH etc…

Cheers,

Andrei @ Sustainable Solutions

Hello Andrei.

I believe we have the same issue, also not luck with the demo server. I had sent an email to the dev listserv but I think that’s not an active group anymore. I’m copying my original email down here, perhaps someone can help us both. It’s good to know we’re not the only ones with the problem.

image

···

On Fri, Jul 14, 2017 at 10:15 AM, Andrei Evguenov andrei@sussol.net wrote:

Hi, we’ve been using DHIS2 2.6 in development phase (without updating instance for the 2-3 months). Upon deployment updated to the newest release and having some headache with 403 access denied response when trying to acquire token. At first I thought it was our server setup, but it seems even dhis2.play.org/dev/uaa/oauth/token is giving the same response, curl or postman.

A couple of things to note: There is a correct response when client id and or secret are missing or are incorrect. But if they are correct we always getting 403 access denied, even if grant_type, password and or username are missing (the body get’s completely ignored).

I can provide you server setup details, but it seems the problem is evident @ dhis2.play.org/dev/

Older dhis.war we have works fine btw. If I was to have a stab in the dark, I would aim for springframework.

By the way api works fine with basic auth, can even POST, PATCH etc…

Cheers,

Andrei @ Sustainable Solutions


Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp

Hi guys,

I’m investigating this issue, will update you soon.

···

On Fri, Jul 14, 2017 at 9:42 PM, Jesus Solano-Roman asolano@broadinstitute.org wrote:

Hello Andrei.

I believe we have the same issue, also not luck with the demo server. I had sent an email to the dev listserv but I think that’s not an active group anymore. I’m copying my original email down here, perhaps someone can help us both. It’s good to know we’re not the only ones with the problem.


Hello all.

I am following the guide posted here https://docs.dhis2.org/master/en/developer/html/dhis2_developer_manual_full.html#webapi to obtain credentials to eventually create a web app.

I created a client on DHIS2 (see attached image). I should note I am running the DHIS2 instance locally, therefore my server url is http://localhost:8085 (I cannot use https).

Then on the terminal I run:

curl -X POST -H “Accept: application/json” -u demokenema:$SECRET $SERVER/uaa/oauth/token -d grant_type=password -d username=admin -d password=district

And I get

{“error”:“access_denied”,“error_description”:“Access is denied”}

I have attempted to solve this in many ways without luck. I eventually want to create HTTP requests in a JS application, but I can’t even seem to get credentials using a curl request. Any help would be appreciated.

Thanks!

Antonio.


Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp

On Fri, Jul 14, 2017 at 10:15 AM, Andrei Evguenov andrei@sussol.net wrote:

Hi, we’ve been using DHIS2 2.6 in development phase (without updating instance for the 2-3 months). Upon deployment updated to the newest release and having some headache with 403 access denied response when trying to acquire token. At first I thought it was our server setup, but it seems even dhis2.play.org/dev/uaa/oauth/token is giving the same response, curl or postman.

A couple of things to note: There is a correct response when client id and or secret are missing or are incorrect. But if they are correct we always getting 403 access denied, even if grant_type, password and or username are missing (the body get’s completely ignored).

I can provide you server setup details, but it seems the problem is evident @ dhis2.play.org/dev/

Older dhis.war we have works fine btw. If I was to have a stab in the dark, I would aim for springframework.

By the way api works fine with basic auth, can even POST, PATCH etc…

Cheers,

Andrei @ Sustainable Solutions


Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp

Viet Nguyen

Software Developer, DHIS 2

University of Oslo

http://www.dhis2.org

Hi,

I found the cause of the issue and working on the fix, will update you once it’s done.

Meanwhile it would be nice if you can create an issue on https://jira.dhis2.org for tracking.

Regards,

···

On Mon, Jul 17, 2017 at 10:47 AM, Viet Nguyen viet@dhis2.org wrote:

Hi guys,

I’m investigating this issue, will update you soon.

On Fri, Jul 14, 2017 at 9:42 PM, Jesus Solano-Roman asolano@broadinstitute.org wrote:

Hello Andrei.

I believe we have the same issue, also not luck with the demo server. I had sent an email to the dev listserv but I think that’s not an active group anymore. I’m copying my original email down here, perhaps someone can help us both. It’s good to know we’re not the only ones with the problem.


Hello all.

I am following the guide posted here https://docs.dhis2.org/master/en/developer/html/dhis2_developer_manual_full.html#webapi to obtain credentials to eventually create a web app.

I created a client on DHIS2 (see attached image). I should note I am running the DHIS2 instance locally, therefore my server url is http://localhost:8085 (I cannot use https).

Then on the terminal I run:

curl -X POST -H “Accept: application/json” -u demokenema:$SECRET $SERVER/uaa/oauth/token -d grant_type=password -d username=admin -d password=district

And I get

{“error”:“access_denied”,“error_description”:“Access is denied”}

I have attempted to solve this in many ways without luck. I eventually want to create HTTP requests in a JS application, but I can’t even seem to get credentials using a curl request. Any help would be appreciated.

Thanks!

Antonio.


Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp

Viet Nguyen

Software Developer, DHIS 2

University of Oslo

http://www.dhis2.org

On Fri, Jul 14, 2017 at 10:15 AM, Andrei Evguenov andrei@sussol.net wrote:

Hi, we’ve been using DHIS2 2.6 in development phase (without updating instance for the 2-3 months). Upon deployment updated to the newest release and having some headache with 403 access denied response when trying to acquire token. At first I thought it was our server setup, but it seems even dhis2.play.org/dev/uaa/oauth/token is giving the same response, curl or postman.

A couple of things to note: There is a correct response when client id and or secret are missing or are incorrect. But if they are correct we always getting 403 access denied, even if grant_type, password and or username are missing (the body get’s completely ignored).

I can provide you server setup details, but it seems the problem is evident @ dhis2.play.org/dev/

Older dhis.war we have works fine btw. If I was to have a stab in the dark, I would aim for springframework.

By the way api works fine with basic auth, can even POST, PATCH etc…

Cheers,

Andrei @ Sustainable Solutions


Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp

Viet Nguyen

Software Developer, DHIS 2

University of Oslo

http://www.dhis2.org

https://jira.dhis2.org/browse/DHIS2-1931

···

On Mon, Jul 17, 2017 at 10:47 AM, Viet Nguyen viet@dhis2.org wrote:

Hi guys,

I’m investigating this issue, will update you soon.

On Fri, Jul 14, 2017 at 9:42 PM, Jesus Solano-Roman asolano@broadinstitute.org wrote:

Hello Andrei.

I believe we have the same issue, also not luck with the demo server. I had sent an email to the dev listserv but I think that’s not an active group anymore. I’m copying my original email down here, perhaps someone can help us both. It’s good to know we’re not the only ones with the problem.


Hello all.

I am following the guide posted here https://docs.dhis2.org/master/en/developer/html/dhis2_developer_manual_full.html#webapi to obtain credentials to eventually create a web app.

I created a client on DHIS2 (see attached image). I should note I am running the DHIS2 instance locally, therefore my server url is http://localhost:8085 (I cannot use https).

Then on the terminal I run:

curl -X POST -H “Accept: application/json” -u demokenema:$SECRET $SERVER/uaa/oauth/token -d grant_type=password -d username=admin -d password=district

And I get

{“error”:“access_denied”,“error_description”:“Access is denied”}

I have attempted to solve this in many ways without luck. I eventually want to create HTTP requests in a JS application, but I can’t even seem to get credentials using a curl request. Any help would be appreciated.

Thanks!

Antonio.


Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp

Viet Nguyen

Software Developer, DHIS 2

University of Oslo

http://www.dhis2.org

On Fri, Jul 14, 2017 at 10:15 AM, Andrei Evguenov andrei@sussol.net wrote:

Hi, we’ve been using DHIS2 2.6 in development phase (without updating instance for the 2-3 months). Upon deployment updated to the newest release and having some headache with 403 access denied response when trying to acquire token. At first I thought it was our server setup, but it seems even dhis2.play.org/dev/uaa/oauth/token is giving the same response, curl or postman.

A couple of things to note: There is a correct response when client id and or secret are missing or are incorrect. But if they are correct we always getting 403 access denied, even if grant_type, password and or username are missing (the body get’s completely ignored).

I can provide you server setup details, but it seems the problem is evident @ dhis2.play.org/dev/

Older dhis.war we have works fine btw. If I was to have a stab in the dark, I would aim for springframework.

By the way api works fine with basic auth, can even POST, PATCH etc…

Cheers,

Andrei @ Sustainable Solutions


Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp

Viet Nguyen

Software Developer, DHIS 2

University of Oslo

http://www.dhis2.org