API Authorization fails when request is sent from the Mobile application but succeeds when the same request is sent via postman

neetigyasaxena · February 29, 2024, 8:01pm

I am attempting to connect with a page. Here are the steps:

Generate a client_credential token - SUCCESS
access the guest api pages - SUCCESS
if the user is valid and there is no need for password reset - SUCCESS
generate a new access token “password_credentials” - SUCCESS
use that token to access [GET request] : api/account_info - FAILS

at stage 5 the $u->isRegistered() returns null when the request is being sent by the Mobile application (iOS). but the same request using the same token results in appropriate response when it’s sent from POSTMAN.

Please help with above request. Also, in the code, how can I output the token that is being sent (just to verify).

Let me know if I should add more details.

hutman · March 1, 2024, 2:56pm

What is the error that you’re getting? When we used the API I had to add these lines to the .htaccess

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

neetigyasaxena · March 1, 2024, 6:49pm

Thank You
I think I have read your other post and I did try adding these lines but didn’t have success with that. I will try again.

I get two different types of errors. One is

Exception Occurred: /Source/updates/concrete-cms-9.2.4/concrete/vendor/league/oauth2-server/src/Exception/OAuthServerException.php:243 The resource owner or authorization server denied the request. (9)

and in the other type of error, I try to access user object but it’s set to null. So I would assume the token verification have failed.

How can I check if the token properties.

EvanCooper · March 8, 2024, 2:35am

If you create a demo and configure the object / API and try to recreate, do you run into the same issue?
https://community.concretecms.com/get-concrete-site