← Back to team overview

dhis2-users team mailing list archive

Re: OAuth token api status: 403 access denied.. urgent please!

 

Hi guys,

I'm investigating this issue, will update you soon.

On Fri, Jul 14, 2017 at 9:42 PM, Jesus Solano-Roman <
asolano@xxxxxxxxxxxxxxxxxx> wrote:

> Hello Andrei.
>
> I believe we have the same issue, also not luck with the demo server. I
> had sent an email to the dev listserv but I think that's not an active
> group anymore. I'm copying my original email down here, perhaps someone can
> help us both. It's good to know we're not the only ones with the problem.
>
> _______________
>
> *Hello all.*
>
> *I am following the guide posted here
> https://docs.dhis2.org/master/en/developer/html/dhis2_developer_manual_full.html#webapi
> <https://docs.dhis2.org/master/en/developer/html/dhis2_developer_manual_full.html#webapi>
> to obtain credentials to eventually create a web app.*
>
> *I created a client on DHIS2 (see attached image). I should note I am
> running the DHIS2 instance locally, therefore my server url is
> http://localhost:8085 <http://localhost:8085> (I cannot use https).*
>
> *Then on the terminal I run:*
>
> *curl -X POST -H "Accept: application/json" -u demokenema:$SECRET
> $SERVER/uaa/oauth/token -d grant_type=password -d username=admin -d
> password=district*
>
>
> *And I get*
>
> *{"error":"access_denied","error_description":"Access is denied"}*
>
>
> *I have attempted to solve this in many ways without luck. I eventually
> want to create HTTP requests in a JS application, but I can't even seem to
> get credentials using a curl request. Any help would be appreciated.*
>
>
> *Thanks!*
>
>
>
> *Antonio.*
>
> On Fri, Jul 14, 2017 at 10:15 AM, Andrei Evguenov <andrei@xxxxxxxxxx>
> wrote:
>
>> Hi, we’ve been using DHIS2 2.6 in development phase (without updating
>> instance for the 2-3 months).  Upon deployment updated to the newest
>> release and having some headache with 403 access denied response when
>> trying to acquire token. At first I thought it was our server setup, but it
>> seems even dhis2.play.org/dev/uaa/oauth/token is giving the same
>> response, curl or postman.
>>
>> A couple of things to note: There is a correct response when client id
>> and or secret are missing or are incorrect. But if they are correct we
>> always getting 403 access denied, even if grant_type, password and or
>> username are missing (the body get’s completely ignored).
>>
>> I can provide you server setup details, but it seems the problem is
>> evident @ dhis2.play.org/dev/
>>
>> Older dhis.war we have works fine btw. If I was to have a stab in the
>> dark, I would aim for springframework.
>>
>> By the way api works fine with basic auth, can even POST, PATCH etc..
>>
>> Cheers,
>> Andrei @ Sustainable Solutions
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~dhis2-users
>> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~dhis2-users
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-users
> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-users
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 

Viet Nguyen
Software Developer, DHIS 2
University of Oslo
http://www.dhis2.org

Follow ups

References