(401) Unauthorized when making a request to spotfire api /c#

[Magnus Carlstrm]

I am getting 401 error when I am trying to connect to sportfire api.

My code

public static UserDirectoryServiceClient CreateConnectionSpotifireAPI()

{

WcfCookieManager.CookieManagerEndpointBehavior_wcfCookieBehavior

= new WcfCookieManager.CookieManagerEndpointBehavior();

 

BasicHttpBinding HTTPBinding = new BasicHttpBinding();

 

HTTPBinding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;

HTTPBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

 

EndpointAddress DirectoryEndpoint

= new EndpointAddress(ConfigurationManager.AppSettings["SpotfireEndpointAddress"].ToString());

 

UserDirectoryServiceClient uds = new UserDirectoryServiceClient(HTTPBinding, DirectoryEndpoint);

uds.Endpoint.Behaviors.Add(_wcfCookieBehavior);

 

getOAuthToken(ConfigurationManager.AppSettings["SpotfireStartpointAddress"].ToString(), _

wcfCookieBehavior);

 

return uds;

}

 

static void getOAuthToken(string strServerURL,

WcfCookieManager.CookieManagerEndpointBehavior _wcfCookieBehavior)

{

// config register-api-client --name APIImpersonateClient -Sapi.soap.impersonate

// possible Scopes from com.spotfire.server.security.oauth.OAuthScopes class

// "api.soap.library-service", "api.soap.update-analysis-service",

// "api.soap.information-model-service", "api.soap.license-service",

// "api.soap.user-directory-service", "api.soap.impersonate";

/*

C:tibcotss7.13.0tomcatbin>config register-api-client -n TestAPIClient -Sapi.soap.library-service -Sapi.soap.user-directory-service

C:tibcotss7.13.0tomcatbin>config register-api-client -n TestAPIClient -Sapi.soap.library-service -Sapi.soap.user-directory-service

Tool password:

Successfully registered a new API client with the display name 'TestAPIClient':

Client ID:

Client secret:

To view the full client configuration, please use the 'show-oauth2-client' command.

*/

 

// New with api.soap.impersonate

string oAuthClientID = ConfigurationManager.AppSettings["SpotfireClientId"].ToString();

string oAuthClientSecret = ConfigurationManager.AppSettings["SpotfireClientSecret"].ToString();

 

string urlOAuth = strServerURL + "/oauth2/token";

 

try

{

System.Console.WriteLine("Retrieving OAuth Token from: " + urlOAuth);

 

HttpWebRequest wrOAuth = (HttpWebRequest)WebRequest.Create(urlOAuth);

 

string oAuthClientInfo = WebUtility.UrlEncode(oAuthClientID) + ":"

+ WebUtility.UrlEncode(oAuthClientSecret);

 

string base64OAuth = Convert.ToBase64String(Encoding.UTF8.GetBytes(oAuthClientInfo));

 

wrOAuth.Headers["Authorization"] = "Basic " + base64OAuth;

wrOAuth.Method = "POST";

wrOAuth.ContentType = "application/x-www-form-urlencoded;charset=UTF-8";

byte[] postBytes

= Encoding.UTF8.GetBytes("grant_type=client_credentials&scope="

+ WebUtility.UrlEncode("api.soap.library-service api.soap.user-directory-service"));

// WebUtility.UrlEncode("internal.automation-services-job.execute"));

// api.soap.impersonate

wrOAuth.ContentLength = (long)postBytes.Length;

using (Stream requestStream = wrOAuth.GetRequestStream())

{

requestStream.Write(postBytes, 0, postBytes.Length);

}

 

HttpWebResponse response = (HttpWebResponse)wrOAuth.GetResponse();

 

When I rungetresponse I get 401..

In the access log I get

unknown [04/Sep/2019:13:42:53 +0200] "POST /spotfire/api/soap/oauth2/token HTTP/1.1" 401 -

I have register the api likeconfig register-api-client -n TestAPIClient -Sapi.soap.library-service -Sapi.soap.user-directory-service and added administrator to that user.

the api is enabled andCSRF is disabled.

 

What is wrong I just upgraded to 10.4.

It looks lite the authorization is not sent but it is added to the header.

[Shandilya Peddi]

To start with can enable debug logging on Spotfire Server, reproduce the issue and check for any errors in the server.log or you can attach the log here for review

[Magnus Carlstrm]

TRACE 2019-09-04T14:59:13,816+0200 [] server.security.RequestMatcher: Found URL pattern match /api/* for URL /api/soap/oauth2/token

TRACE 2019-09-04T14:59:13,816+0200 [] server.security.RequestContextFilter: The request URL matches the security config 'public.api.new'

TRACE 2019-09-04T14:59:13,816+0200 [unknown, #-, #3469] server.security.CustomAuthFilterWrapper: Skipping Custom Authentication Filter for request for /spotfire/api/soap/oauth2/token

TRACE 2019-09-04T14:59:13,816+0200 [unknown, #-, #3469] server.security.SecurityFilter: Filtering request: HTTP POST /api/soap/oauth2/token on port 80 from 91.196.241.164 at port number 59350

TRACE 2019-09-04T14:59:13,816+0200 [unknown, #-, #3469] server.security.SecurityFilter: Checking the implicit security constraints for the requested FRONTEND resource /api/soap/oauth2/token

TRACE 2019-09-04T14:59:13,816+0200 [unknown, #-, #3469] security.headers.HeadersFilter: Invoking header directives

DEBUG 2019-09-04T14:59:13,816+0200 [unknown, #-, #3469] server.security.SecurityFilter: Returning from filter after requesting the client to authenticate

[Magnus Carlstrm]

I added trace code

[Jens Borgland]

This is not the right path to the OAuth2 token endpoint:/spotfire/api/soap/oauth2/token

- remove the "api" and "soap" segments (so /spotfire/oauth2/token). "/spotfire/api/soap" is however the right prefix for the actual SOAP services.