CODEWITHSUNDEEP
fiwarekeystone
jccampos
jccampos

Reputation: 381

Keyrock doesn't accept user, even when using admin

I got two users created by me, admin, with admin permissions, and another user, now with admin permissions too, but initially community (i'll be referring to this account as community).

I've registered an application with the community user and associated the admin later. As callbackUrl i've registered the address below in my keyrock instance

<keystone ip>:/oauth2/token

The request i am making to get oauth2 follows below, it uses https://raw.githubusercontent.com/Bitergia/fiware-chanchan-docker/master/images/pep-wilma/4.3.0/auth-token.sh as a guideline. I've changed the user,pass, host, client id and app secret

curl -s --insecure -i --header "Authorization: Basic NmJjODMyMWMzNDQwNGVlYzkwYzNhNzhlYTU0ZTE2NjY6M2YwMzQyZjE4ZTM1NGI0ZDg5YjhlYWVkNTZmNGI5Mjc=" --header "Content-Type: application/x-www-form-urlencoded" -X POST http://<keyrock IP>/oauth2/token -d 'grant_type=password&username=<user>&password=<pass>&client_id=<clientID>&client_secret=<secret>'

The request reaches the keystone and it replies with a 404 (access token not found).

When i try to get oauth2 tokens from keyrock for both the admin and the community, it says 

Error: Root - User access-token not authorized

I can login in horizon with both users.

What did i miss in order to get a oauth2 token from idm?

Edit: Code used to create users:

users_default_pass = '...'
user0 = _register_user(keystone,"user0",passwd=users_default_pass)
keystone.roles.grant(user=user0.id,role=keystone.roles.find(name='community'), project=user0.default_project_id)

Edit2: raw response and response from keystone captured with tcpflow

request:

POST /oauth2/token HTTP/1.1
User-Agent: curl/7.35.0
Host: 130.206.118.xxx:5000
Accept: */*
Authorization: Basic ZWU2YmFjMWNjOTQ3NDdhNmI4MTU3NDdiNDk5NmVhZjQ6NTRkY2NjMjgxODhhNDMxYTk4OTY3MjkwN2UxYjIxYzY=
Content-Type: application/x-www-form-urlencoded
Content-Length: 143

grant_type=password&username=admin&password=admin&client_id=ee6bac1cc94747a6b815747b4996eaf4&client_secret=54dccc28188a431a989672907e1b21c6
write error to stdout

response:

HTTP/1.1 404 Not Found
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 93
Date: Wed, 09 Sep 2015 09:46:19 GMT

{"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}}
write error to stdout

Upvotes: 3

Views: 737

Answers (1)

albertinisg
albertinisg

Reputation: 491

Took me a while to find it :)

In KeyRock, oauth2 is implemented in Horizon. Looking at your request, I've found couple things:

  • You are using HTTP instead of HTTPS
  • Requests are being sent against port 5000 (usually Keystone)

That made me think that your requests are going against Keystone.

By default, KeyRock handles oauth2 requests at Horizon, which means, use https and port 443. As you said, doing requests against Keystone fails:

  HTTP/1.1 404 Not Found
  Vary: X-Auth-Token
  Content-Type: application/json
  Content-Length: 93
  Date: Wed, 09 Sep 2015 15:36:34 GMT

  {"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}}

Make sure you do the request against Horizon with HTTPS and port 443 and everything should work!

Upvotes: 5

Related Questions