Menu
SuiteCRM dedicated support by SalesAgility
Welcome, Guest
Username: Password: Remember me

TOPIC: 7.10 v8 API Error: access_denied Hint: Missing "Authorization" header

7.10 v8 API Error: access_denied Hint: Missing "Authorization" header 5 months 3 weeks ago #66395

  • judgerod
  • judgerod's Avatar
  • Offline
  • Junior Member
  • Posts: 20
  • Karma: 0
My Environment
PHP 7.0
MySQL 5.6
CentOS 6.9
Apache 2.4
SuiteCRM 7.10.4

If anyone have a solution or having a similar experience, please let me know. I've listed all the relevant information below I that I have investigated trying to fix this issue. I don't have any error messages in Apache Error Logs pertaining to this issue.

*************************************************************************
I'm receiving the following error message in the suitecrm.log when I try to invoke the version 8 of the APIs:
[-none-][FATAL] [ERROR] [ResourceServer] Code: 9 Message: The resource owner or authorization server denied the request. ErrorType: access_denied Hint: Missing "Authorization" header

*************************************************************************
This is the error message I get in the error.log:
[22-May-2018 12:23:14 America/New_York] PHP Fatal error: Uncaught RuntimeException: Unexpected data in output buffer. Maybe you have characters before an opening <?php tag? in /<suitecrmpath>/vendor/slim/slim/Slim/App.php:604
Stack trace:
#0 /<suitecrmpath>/vendor/slim/slim/Slim/App.php(316): Slim\App->finalize(Object(Slim\Http\Response))
#1 /<suitecrmpath>/lib/API/core/app.php(83): Slim\App->run()
#2 /<suitecrmpath>/lib/API/public/index.php(5): require_once('/home/hhadmin/a...')
#3 {main}
thrown in /<suitecrmpath>/vendor/slim/slim/Slim/App.php on line 604


*************************************************************************
I'm following the example code but have tweak it since it had some coding errors: This is the code:

<?php
$ch = curl_init();

$header = array(
'Content-type: applicatoin/vnd.api+json',
'Accept: application/vnd.api+json',
);

$postStr = json_encode(array(
'grant_type' => 'client_credentials',
'client_id' => 'removed-b9b9-ded8-c2e0-removed',
'client_secret' => '',
'scope' => 'standard:create standard:read standard:update standard:delete stand:relationship:create standard:relationship:read standard:relationship:update standard;relationship:delete'
));

$url = 'https://<myurl-removed>/api/oauth/access_token';
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_POSTFIELDS, $postStr);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);

$output = curl_exec($ch);

echo "the response(output):\n";
print($output);
$txt ="\ncompleted\n";

echo $txt;
print($url);
echo "\n";
print($postStr);
print("\n\n")
?>

*************************************************************************
I've also checked my .htaccess file to ensure the api mods were correct. This is what I have:

# BEGIN SUGARCRM RESTRICTIONS
RedirectMatch 403 (?i).*\.log$
RedirectMatch 403 (?i)/+not_imported_.*\.txt
RedirectMatch 403 (?i)/+(soap|cache|xtemplate|data|examples|include|log4php|metadata|modules)/+.*\.(php|tpl)
RedirectMatch 403 (?i)/+emailmandelivery\.php
RedirectMatch 403 (?i)/+upload
RedirectMatch 403 (?i)/+cache/+diagnostic
RedirectMatch 403 (?i)/+files\.md5$
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^cache/jsLanguage/(.._..).js$ index.php?entryPoint=jslang&modulename=app_strings&lang=$1 [L,QSA]
RewriteRule ^cache/jsLanguage/(\w*)/(.._..).js$ index.php?entryPoint=jslang&modulename=$1&lang=$2 [L,QSA]
RewriteRule ^cache/jsLanguage/(.._..).js$ index.php?entryPoint=jslang&module=app_strings&lang=$1 [L,QSA]
RewriteRule ^cache/jsLanguage/(\w*)/(.._..).js$ index.php?entryPoint=jslang&module=$1&lang=$2 [L,QSA]
RewriteRule ^api/(.*?)$ lib/API/public/index.php/$1 [L]
RewriteRule ^api/(.*)$ - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
# END SUGARCRM RESTRICTIONS
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ myurl-removed.com

<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^cache/jsLanguage/(.._..).js$ index.php?entryPoint=jslang&modulename=app_strings&lang=$1 [L,QSA]
RewriteRule ^cache/jsLanguage/(\w*)/(.._..).js$ index.php?entryPoint=jslang&modulename=$1&lang=$2 [L,QSA]
RewriteRule ^api/(.*?)$ lib/SuiteCRM/API/public/index.php/$1 [L]
RewriteRule ^api/(.*)$ - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
<FilesMatch "\.(jpg|png|gif|js|css|ico)$">
<IfModule mod_headers.c>
Header set ETag ""
Header set Cache-Control "max-age=2592000"
Header set Expires "01 Jan 2112 00:00:00 GMT"
</IfModule>
</FilesMatch>
<IfModule mod_expires.c>
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/x-javascript "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
</IfModule>
The administrator has disabled public write access.

7.10 v8 API Error: access_denied Hint: Missing "Authorization" header 4 months 2 weeks ago #68344

  • davide-bca
  • davide-bca's Avatar
  • Offline
  • New Member
  • Posts: 5
  • Karma: 1
Hello
Same issue here, but without the errors in the log (no errors at all for me), just a 401 in the access_log.
Trying both Postman and jMeter, no success.
Should you have found a solution, let us know!
The administrator has disabled public write access.

7.10 v8 API Error: access_denied Hint: Missing "Authorization" header 4 months 2 weeks ago #68345

  • judgerod
  • judgerod's Avatar
  • Offline
  • Junior Member
  • Posts: 20
  • Karma: 0
I didn't find a solution. I just used v4.1 version of the APIs
The administrator has disabled public write access.

7.10 v8 API Error: access_denied Hint: Missing "Authorization" header 4 months 2 weeks ago #68357

  • davide-bca
  • davide-bca's Avatar
  • Offline
  • New Member
  • Posts: 5
  • Karma: 1
Hello
I did some research, and I managed to have the v8 API working.
There are several issues here and unfortunately I dont' have the bandwidth to provide a quality report, I hope this may help anyway.

WRT the Authorization issue, I could solve it as described here, by adding the
SetEnvIf
to .htaccess.
Note that the
RewriteRule
is already in place, I don't know Apache/PHP enough to determine why this is required.

That fixed, I had an issue with the token being immediately revoked. This is a known issue, and was indeed fixed by modifying the timezone in php.ini.

Finally, I should say that I am using a bitnami image on AWS, updated to the latest stable release (7.10.7).

Hope this helps
The administrator has disabled public write access.

7.10 v8 API Error: access_denied Hint: Missing "Authorization" header 4 months 1 day ago #69229

  • nairit84
  • nairit84's Avatar
  • Offline
  • New Member
  • Posts: 5
  • Karma: 0
Also faced with the same issue and now struggling against it. I am a .NET developer and not really familiar with LAMP stack. But liked suite CRM. Could you provide your .htaccess so I could compare it with mine?

The part of mine looks like and it is an image of Bitnami Suite CRM on Azure(surprise surprise)

<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
#RewriteBase /suitecrm
RewriteRule ^cache/jsLanguage/(.._..).js$ index.php?entryPoint=jslang&modulename=app_strings&lang=$1 [L,QSA]
RewriteRule ^cache/jsLanguage/(\w*)/(.._..).js$ index.php?entryPoint=jslang&modulename=$1&lang=$2 [L,QSA]
RewriteRule ^api/(.*?)$ lib/API/public/index.php/$1 [L]
RewriteRule ^api/(.*)$ - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>

But I didn't really got on what should be [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}] replaced.
The administrator has disabled public write access.

7.10 v8 API Error: access_denied Hint: Missing "Authorization" header 3 months 2 weeks ago #70022

  • davide-bca
  • davide-bca's Avatar
  • Offline
  • New Member
  • Posts: 5
  • Karma: 1
Hello
sorry for the late reply

This is the relevant part of my .htaccess
<IfModule mod_rewrite.c>
    Options +FollowSymLinks
    RewriteEngine On
    RewriteBase /
    RewriteRule ^cache/jsLanguage/(.._..).js$ index.php?entryPoint=jslang&modulename=app_strings&lang=$1 [L,QSA]
    RewriteRule ^cache/jsLanguage/(\w*)/(.._..).js$ index.php?entryPoint=jslang&modulename=$1&lang=$2 [L,QSA]
    RewriteRule ^cache/jsLanguage/(.._..).js$ index.php?entryPoint=jslang&module=app_strings&lang=$1 [L,QSA]
    RewriteRule ^cache/jsLanguage/(\w*)/(.._..).js$ index.php?entryPoint=jslang&module=$1&lang=$2 [L,QSA]
    RewriteRule ^api/(.*?)$ lib/API/public/index.php/$1 [L]
    RewriteRule ^api/(.*)$ - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
# END SUGARCRM RESTRICTIONS

SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

but it took some try/error before I had it working so I wouldn't recommend a plain copy/paste
The administrator has disabled public write access.

7.10 v8 API Error: access_denied Hint: Missing "Authorization" header 3 months 4 days ago #70350

  • dynorodney
  • dynorodney's Avatar
  • Offline
  • New Member
  • Posts: 11
  • Karma: 0
Hi

Anyone else hitting this same problem still?. Im on 7.10.7 and I too have seen the errors in the example code - specifically the open backtick at the end of the second header array line and the reference to url rather than $url on the first curl_setopt line but with the code updated to the below
$ch = curl_init();
$header = array(
    'Content-type: application/vnd.api+json',
    'Accept: application/vnd.api+json',
 );
$postStr = json_encode(array(
    'grant_type' => 'client_credentials',
    'client_id' => 'my_created_client_id',
    'client_secret' => 'my_provided_secret',
    'scope' => 'standard:create standard:read standard:update standard:delete standard:delete standard:relationship:create standard:relationship:read standard:relationship:update standard:relationship:delete'
));
$url = 'https://mydomain.co.uk/api/oauth/access_token';
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_POSTFIELDS, $postStr);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
$output = curl_exec($ch);
print_r($output);

I am getting the

{"error":"access_denied","message":"The resource owner or authorization server denied the request.","hint":"Missing \"Authorization\" header"}

Ive run through the rebuild htaccess code in the admin system and Ive added the SetEnvIf into my .htaccess just in case, but still getting the same

This is with Apache 2.4 , PHP 7.2 , Linux

Whats confusing me is that the $header is being set up with a Content-type and an Accept header but no Authorization - so Im not surprised its squawking with a missing authorization header

Im obviously doing something wrong

If anyone can point me in the right direction?

Thanks

Tony
The administrator has disabled public write access.
Time to create page: 0.077 seconds
Powered by Kunena Forum