Unexplainable 403 error "User not allow to perform the action" in Keyrock


I've been struggling for a while with this issue and wondered if anyone else had the same problem.

I've got a Keyrock 7.8.0 + MySQL architecture running with Docker as the FIWARE tutorials suggest. I can access both the GUI and the API through localhost:3005. Everything seems to work fine through the GUI with the admin user, but when it comes to granting a role to a user with the admin Auth-Token,

curl -X PUT \
  http://localhost:3005/v1/applications/20f9bc1d-a9d1-45af-bdd9-f96fdc7a1ec9/users/c8336e47-8e3b-4081-b0f7-b2a3431847d7/roles/55e8a41c-52b5-4ef9-ad9c-ef60762d32e3 \
  -H 'Accept: */*' \
  -H 'Accept-Encoding: gzip, deflate' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: keep-alive' \
  -H 'Content-Length: 0' \
  -H 'Content-Type: application/json' \
  -H 'Cookie: session=eyJyZWRpciI6Ii8ifQ==; session.sig=TqcHvLKCvDVxuMk5xVfrKEP-GSQ' \
  -H 'Host: localhost:3005' \
  -H 'Postman-Token: cb7e8ae3-87b4-4d8e-9fb7-a66ef439a7cf,7f736505-8c7e-4991-8449-ebd6e54714f7' \
  -H 'User-Agent: PostmanRuntime/7.19.0' \
  -H 'X-Auth-token: f20c72c6-7c2a-4d8e-8d48-568e1c4e47d6' \
  -H 'cache-control: no-cache'

or an organization,

curl -X PUT \
  http://localhost:3005/v1/applications/20f9bc1d-a9d1-45af-bdd9-f96fdc7a1ec9/organizations/d98534f7-ecaa-4c38-93cc-c17d87f010ee/roles/55e8a41c-52b5-4ef9-ad9c-ef60762d32e3/organization_roles/member \
  -H 'Accept: */*' \
  -H 'Accept-Encoding: gzip, deflate' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: keep-alive' \
  -H 'Content-Length: 0' \
  -H 'Content-Type: application/json' \
  -H 'Cookie: session=eyJyZWRpciI6Ii8ifQ==; session.sig=TqcHvLKCvDVxuMk5xVfrKEP-GSQ' \
  -H 'Host: localhost:3005' \
  -H 'Postman-Token: 11fc3dbb-8484-482f-8bc1-af89dcdeebb5,8bfdcdb5-f200-4bee-bcee-a8f6d83b18f0' \
  -H 'User-Agent: PostmanRuntime/7.19.0' \
  -H 'X-Auth-token: f20c72c6-7c2a-4d8e-8d48-568e1c4e47d6' \
  -H 'cache-control: no-cache'

it just responds with this error in the body:

{
    "error": {
        "message": "User not allow to perform the action",
        "code": 403,
        "title": "Forbidden"
    }
}

Does anyone know how it can be that the same user has permission to do something through the GUI but not through the API?


We encountered the same issue and probably found a solution:

According to the documentation for assigning roles to organizations or for assigning roles to users, the HTTP verb PUT must be used. In reality, Keyrock then responds with the following error message:

{ 
   "error": {
      "message": "User not allow to perform the action",
      "code": 403,
      "title": "Forbidden"   
   }
}

When we use the HTTP verb POST instead of PUT, the role is assigned successfully to the organization/user.

Therefore, we assume that either the documentation or the implementation is faulty.

Source: https://github.com/ging/fiware-idm/issues/144
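The workaround above as a small script, added here as an example (it is not code from the question, the answer or the fiware-idm project): it obtains an admin token from POST /v1/auth/tokens, tries the documented PUT, retries with POST only when Keyrock answers with exactly the 403 body quoted in the thread, and then verifies the assignment with GET /v1/applications/{app}/users/{user}/roles. The endpoint paths come from the thread and the Keyrock 7.x API; the class and function names, the FakeKeyrock stand-in (a constructed transport that behaves as the answer describes, so the flow runs offline), the placeholder credentials and ids, and the exact success codes are assumptions. Note that only the X-Auth-token header is sent: the browser session cookie and the Postman headers in the question's curl are not needed by the REST API.

```python
"""Assign a Keyrock application role to a user, falling back from PUT to POST.

Added example, not code from the question, the answer or the fiware-idm project.
Endpoint paths come from the thread and the Keyrock 7.x API; the class and
function names, FakeKeyrock, the credentials, ids and success codes are assumptions.
"""
import json
import urllib.error
import urllib.request

# The 403 body quoted in the thread; the POST fallback fires only on this error.
FORBIDDEN_MSG = "User not allow to perform the action"


def urllib_transport(method, url, headers, body):
    # Real transport: returns (status, lower-cased headers, body bytes), also on HTTP errors.
    req = urllib.request.Request(url, data=body, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, {k.lower(): v for k, v in resp.headers.items()}, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, {k.lower(): v for k, v in err.headers.items()}, err.read()


class KeyrockClient:
    def __init__(self, base_url, send=urllib_transport):
        self.base_url = base_url.rstrip("/")
        self.send = send  # injectable transport, so the whole flow can run offline
        self.token = None

    def login(self, name, password):
        # POST /v1/auth/tokens; Keyrock returns the token in the X-Subject-Token header.
        status, headers, body = self.send(
            "POST", f"{self.base_url}/v1/auth/tokens", {"Content-Type": "application/json"},
            json.dumps({"name": name, "password": password}).encode())
        if status not in (200, 201):
            raise RuntimeError(f"login failed: HTTP {status} {body[:200]!r}")
        self.token = headers["x-subject-token"]

    def _headers(self):
        # Only the token is needed: no browser session cookie, no Postman headers.
        return {"X-Auth-token": self.token}

    def assign_user_role(self, app_id, user_id, role_id):
        """Try the documented PUT first; retry with POST only on the thread's exact 403."""
        url = f"{self.base_url}/v1/applications/{app_id}/users/{user_id}/roles/{role_id}"
        attempts = []
        for verb in ("PUT", "POST"):
            status, _, body = self.send(verb, url, self._headers(), None)
            attempts.append((verb, status))
            if 200 <= status < 300:
                return verb, attempts
            if status != 403 or FORBIDDEN_MSG not in body.decode("utf-8", "replace"):
                raise RuntimeError(f"{verb} {url}: HTTP {status} {body[:200]!r}")
        raise RuntimeError(f"role assignment rejected with both verbs: {attempts}")

    def user_has_role(self, app_id, user_id, role_id):
        """Verify by listing the user's role assignments in the application."""
        url = f"{self.base_url}/v1/applications/{app_id}/users/{user_id}/roles"
        status, _, body = self.send("GET", url, self._headers(), None)
        if status != 200:
            raise RuntimeError(f"GET {url}: HTTP {status}")
        rows = json.loads(body).get("role_user_assignments", [])
        return any(r.get("role_id") == role_id for r in rows)


class FakeKeyrock:
    """Constructed stand-in behaving as the thread describes: PUT -> 403, POST -> 201."""
    TOKEN = "fake-subject-token"
    FORBIDDEN = json.dumps({"error": {"message": FORBIDDEN_MSG, "code": 403, "title": "Forbidden"}}).encode()

    def __init__(self):
        self.assigned = []  # (app, user, role) tuples granted via POST

    def __call__(self, method, url, headers, body):
        path = url.split("://", 1)[-1].split("/", 1)[1]
        p = path.split("/")  # v1/applications/{app}/users/{user}/roles[/{role}]
        if method == "POST" and path == "v1/auth/tokens":
            return 201, {"x-subject-token": self.TOKEN}, b"{}"
        if len(p) == 7 and p[1] == "applications" and p[3] == "users" and p[5] == "roles":
            if method == "PUT":
                return 403, {}, self.FORBIDDEN
            if method == "POST":
                self.assigned.append((p[2], p[4], p[6]))
                return 201, {}, b"{}"
        if len(p) == 6 and method == "GET" and p[1] == "applications" and p[5] == "roles":
            rows = [{"user_id": u, "role_id": r} for a, u, r in self.assigned if (a, u) == (p[2], p[4])]
            return 200, {}, json.dumps({"role_user_assignments": rows}).encode()
        return 404, {}, b'{"error": "not found"}'


def assign_with_fallback(client, name, password, app_id, user_id, role_id):
    """Login, assign (PUT then POST), verify; returns (verb that worked, attempts, verified)."""
    client.login(name, password)
    verb, attempts = client.assign_user_role(app_id, user_id, role_id)
    return verb, attempts, client.user_has_role(app_id, user_id, role_id)


if __name__ == "__main__":  # offline demo; pass urllib_transport and real ids for a live instance
    print(assign_with_fallback(KeyrockClient("http://localhost:3005", FakeKeyrock()),
                               "admin@test.com", "1234", "app-1", "user-1", "role-1"))
```

The fallback is deliberately narrow: it retries with POST only when the status is 403 and the body carries the exact message from the thread, so a genuine authorization failure (wrong token, user without admin rights) still surfaces as an error instead of being masked by a second attempt. The GET afterwards is the check worth keeping in any automation around this endpoint, since the verb mismatch means a 2xx from one call is not proof the role actually landed.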