loopback authentication error

Question

I've been trying to understand for the last couple of hours why I can't access any of my models after authentication

say I have a model my_model with the following in it's json file

"acls": [
    {
      "accessType": "*",
      "property" : "*",
      "principalType": "ROLE",
      "principalId": "$authenticated",
      "permission": "ALLOW"
    },
    {
      "accessType": "*",
      "property" : "*",
      "principalType": "ROLE",
      "principalId": "$unauthenticated",
      "permission": "DENY"
    }
  ],

and I have a model user that extends User.

i go to http://localhost:3000/explorer and do POST /users/login, receiving some id MY_TOKEN. However, when requesting http://localhost:3000/api/my_model?access_token=MY_TOKEN

I'm getting the following response:

{
  "error": {
    "name": "Error",
    "status": 401,
    "message": "Authorization Required",
    "statusCode": 401,
    "code": "AUTHORIZATION_REQUIRED",
    "stack": "Error: Authorization Required\n    at 
      bla
    }
 }

I tried to use DEBUG=loopback:security:* but it wasn't really informative.

loopback:security:access-context   ttl 1209600 +3ms
  loopback:security:access-context getUserId() null +2ms
  loopback:security:access-context isAuthenticated() false +1ms
  loopback:security:role Custom resolver found for role $authenticated +1ms
  loopback:security:role isInRole(): $unauthenticated +1ms
  loopback:security:access-context ---AccessContext--- +1ms
  loopback:security:access-context principals: [] +1ms
  loopback:security:access-context modelName my_model +1ms
  loopback:security:access-context modelId undefined +2ms
  loopback:security:access-context property find +1ms
  loopback:security:access-context method find +2ms
  loopback:security:access-context accessType READ +1ms
  loopback:security:access-context accessToken: +1ms
  loopback:security:access-context   id "eYKYFzfKLCF3Pq0QG8xcWjy4ZXR0fYHGLMvj6j5SbR9v30ctWaFAyXpTdFQvZ6FO" +1ms
  loopback:security:access-context   ttl 1209600 +1ms
  loopback:security:access-context getUserId() null +1ms
  loopback:security:access-context isAuthenticated() false +1ms
  loopback:security:role Custom resolver found for role $unauthenticated +1ms
  loopback:security:acl The following ACLs were searched:  +2ms
  loopback:security:acl ---ACL--- +1ms
  loopback:security:acl model my_model +2ms
  loopback:security:acl property * +2ms
  loopback:security:acl principalType ROLE +2ms
  loopback:security:acl principalId $unauthenticated +2ms
  loopback:security:acl accessType * +1ms
  loopback:security:acl permission DENY +1ms
  loopback:security:acl with score: +1ms 7499
  loopback:security:acl ---Resolved--- +1ms
  loopback:security:access-context ---AccessRequest--- +0ms
  loopback:security:access-context  model mo_model +1ms
  loopback:security:access-context  property find +1ms
  loopback:security:access-context  accessType READ +1ms
  loopback:security:access-context  permission DENY +2ms
  loopback:security:access-context  isWildcard() false +1ms
  loopback:security:access-context  isAllowed() false +1ms

Is there any reason why my authentication doesn't work?

thanks alot!

Answer 1

I had this same issue. Come to find out, you cannot have a User with id == 0.

So I deleted the first user I was trying to use and changed the id to 1 and it worked as expected.

Hope this saves someone else the hassle.