Authentication using an authorization server not working



  • We want to implement token-based authentication using an OpenID authorization server that we have for the jsreport http api.

    We followed the steps and config changes given on this link.

    But our API requests are not being authenticated.



  • This is my docker file content:

    0_1706612689323_upload-1fae85f7-bfa8-4fe4-9ca5-0da282dfffa3


  • administrators

    hi! did you check the example we have here? there is a step by step guide in the README that should help.

    how are you applying the options? do you have a jsreport.config.json?
    what local files are you using for this docker image? (i mean what exactly are you passing to container when doing this COPY . /app/?)

    are you trying the Single sign on (authentication with browser)? or the token based authentication (token in http api)? or both?

    what kind of error do you get when the authentication does not work?



  • We have an authorization server hosted already.
    We are applying options in jsreport.config.json file.

    0_1706692109890_upload-3fa4d5f1-22ae-4ae2-8b9f-bf5479993a41

    We want to have both i.e. single sign-on for the studio as well as token-based authentication for API. But first, we wanted to test the token-based authentication for API.

    After doing the required changes in the config file, when we send the HTTP request with the bearer token, it does not validate only. The request goes through.

    Please guide us on how to set up this. Are we missing anything?


  • administrators

    so far the only thing i can see is that you are applying the authorization server in wrong way, the endpoints, studioClient, apiResource, authorizationRequest, introspectionRequest values should be nested, inside the authorizationServer object, take a look at the config file from the example https://github.com/bjrmatos/jsreport-with-authorization-server-sample/blob/master/jsreport-server/jsreport.config.json to compare against your configuration.



  • Apologies! I corrected the placement:

    0_1706719957844_upload-9fe66f4b-df3c-42ae-874e-e70235a5cc18

    But it works only for Basic auth. For Bearer auth, it gives a 401 response.



  • Are we missing anything here?


  • administrators

    the configuration looks good, at least generally.

    But it works only for Basic auth. For Bearer auth, it gives a 401 response.

    don't you see some jsreport logs in your console? there should be more information about the error there.

    if the Bearer is not working then more careful debugging must be done, perhaps the authorization server is not receiving the values in the way it expects, or perhaps the user returned from its endpoints is not attached correctly.

    what are you using for the authorization server? is this a custom node.js server acting as an authorization server? or is this some self host by third party server like KeyCloak or IdentityServer?



  • Hi,
    We are using IdentityServer for our authorization server.

    This is the jsreport log for the API request with the bearer token:

    0_1706779410075_upload-ab6ed31a-d6ce-40d2-82c3-f913212579a0


  • administrators

    i see, i was right to assume that this needs more careful debugging, i would need to debug this to understand why the response of the identity server is wrong. i would need you to share with me the real values of your jsreport.config.json and that the endpoints of the IdentityServer are public so i can reach them from my local computer, if you don't want to make these values public you can email me that to bjrmatos@gmail.com



  • Sure, let me check with my team and get back to you.
    I had a few queries,

    • Are we expecting any change in the identity server?

    • If yes, then will it affect my other applications and consumption?

    • How to enable the jsreport sign-in option with the authorization server for the studio? As we did not find any option or UI element for it.


  • administrators

    • Are we expecting any change in the identity server?

    likely yes, but i won't know for sure until i check the response from the server, there is a chance also that we just need to change a config value to adapt to the response shape of the IdentityServer, in any case i will give you details about what we need to do when checking the response.

    If yes, then will it affect my other applications and consumption?

    likely not, unless you consume the introspection endpoint directly from your app, and work with the response

    How to enable the jsreport sign-in option with the authorization server for the studio? As we did not find any option or UI element for it.

    when you have the authorization server options in your config, when you go to studio login it should already show you an extra button to login with your authorization server (if you have an active session in studio make sure to logout first to test this). if this is not happening for you then i can check this too when you share with me the real values of your configuration



  • I have mailed you the config. In case of any query, please let me know.


  • administrators

    thanks, we will take a look



  • We have mailed you the updated details. Please check.


  • administrators

    i've sent a reply with one issue in the process, let me know when that is verified.



  • This post is deleted!

Log in to reply
 

Looks like your connection to jsreport forum was lost, please wait while we try to reconnect.