Access Token - module doesn't validate #55

Open
maarten-ve opened this issue Nov 30, 2023 · 4 comments
@maarten-ve

Hi,

I'm trying to implement mod_oauth2 with an Azure AD application registration.
However, it doesn't look like it's validating the token:

[root@server ~]# curl https://my.server.com/testar -H "Authorization: Bearer "

<title>401 Unauthorized</title>

Unauthorized

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

and debug logs:
[Thu Nov 30 09:27:17.409756 2023] [oauth2:debug] [pid 18349:tid 139947482806016] src/server/apache.c(326): [client 10.10.0.208:52050] oauth2_apache_request_context_init: created request context: 0x7f483c00e3a0
[Thu Nov 30 09:27:17.409764 2023] [oauth2:debug] [pid 18349:tid 139947482806016] src/mod_oauth2.c(211): [client 10.10.0.208:52050] oauth2_authz_checker: enter
[Thu Nov 30 09:27:17.409770 2023] [oauth2:debug] [pid 18349:tid 139947482806016] src/mod_oauth2.c(243): [client 10.10.0.208:52050] oauth2_authz_checker: leave
[Thu Nov 30 09:27:17.409777 2023] [authz_core:debug] [pid 18349:tid 139947482806016] mod_authz_core.c(820): [client 10.10.0.208:52050] AH01626: authorization result of Require oauth2_claim iss:https://sts.windows.net//: denied (no authenticated user yet)
[Thu Nov 30 09:27:17.409787 2023] [authz_core:debug] [pid 18349:tid 139947482806016] mod_authz_core.c(820): [client 10.10.0.208:52050] AH01626: authorization result of : denied (no authenticated user yet)

config:
<Location /testar>
AuthType oauth2
Require oauth2_claim iss:https://sts.windows.net//
</Location>

Is this the expected behaviour or am I missing something in the configuration here?

Kind regards

@zandbelt
Member

see this #51 (reply in thread)

@maarten-ve
Author

Unfortunately, haven't been able to make progress it seems.

Not exactly sure how to debug this further:

[Fri Dec 08 11:00:25.551414 2023] [authz_core:debug] [pid 122904:tid 139718516180736] mod_authz_core.c(820): [client 10.140.239.208:60299] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Fri Dec 08 11:00:25.551445 2023] [oauth2:debug] [pid 122904:tid 139718516180736] src/http.c(158): [client 10.140.239.208:60299] _oauth2_http_request_header_set_add_sanitized: Authorization: Bearer
[Fri Dec 08 11:00:25.551473 2023] [oauth2:debug] [pid 122904:tid 139718516180736] src/http.c(158): [client 10.140.239.208:60299] _oauth2_http_request_header_set_add_sanitized: User-Agent: PostmanRuntime/7.35.0
[Fri Dec 08 11:00:25.551481 2023] [oauth2:debug] [pid 122904:tid 139718516180736] src/http.c(158): [client 10.140.239.208:60299] _oauth2_http_request_header_set_add_sanitized: Accept: /
[Fri Dec 08 11:00:25.551487 2023] [oauth2:debug] [pid 122904:tid 139718516180736] src/http.c(158): [client 10.140.239.208:60299] _oauth2_http_request_header_set_add_sanitized: Postman-Token: ac8cf0ed-390b-4e55-b3ae-f3d8b6b5aa88
[Fri Dec 08 11:00:25.551493 2023] [oauth2:debug] [pid 122904:tid 139718516180736] src/http.c(158): [client 10.140.239.208:60299] _oauth2_http_request_header_set_add_sanitized: Host: nextmove.glpg.com
[Fri Dec 08 11:00:25.551499 2023] [oauth2:debug] [pid 122904:tid 139718516180736] src/http.c(158): [client 10.140.239.208:60299] _oauth2_http_request_header_set_add_sanitized: Accept-Encoding: gzip, deflate, br
[Fri Dec 08 11:00:25.551505 2023] [oauth2:debug] [pid 122904:tid 139718516180736] src/http.c(158): [client 10.140.239.208:60299] _oauth2_http_request_header_set_add_sanitized: Connection: keep-alive
[Fri Dec 08 11:00:25.551517 2023] [oauth2:debug] [pid 122904:tid 139718516180736] src/server/apache.c(326): [client 10.140.239.208:60299] oauth2_apache_request_context_init: created request context: 0x7f12b4010770
[Fri Dec 08 11:00:25.551525 2023] [oauth2:debug] [pid 122904:tid 139718516180736] src/mod_oauth2.c(211): [client 10.140.239.208:60299] oauth2_authz_checker: enter
[Fri Dec 08 11:00:25.551531 2023] [oauth2:debug] [pid 122904:tid 139718516180736] src/mod_oauth2.c(243): [client 10.140.239.208:60299] oauth2_authz_checker: leave
[Fri Dec 08 11:00:25.551536 2023] [authz_core:debug] [pid 122904:tid 139718516180736] mod_authz_core.c(820): [client 10.140.239.208:60299] AH01626: authorization result of Require oauth2_claim iss:https://sts.windows.net//: denied (no authenticated user yet)

From the other posts I expected to see more logging from "mod_oauth2.c" here.

kr

@zandbelt
Member

zandbelt commented Dec 8, 2023

 curl https://my.server.com/testar -H "Authorization: Bearer "

does not seem to provide a valid token, or a token at all

@maarten-ve
Author

Aah, the token disappeared from my copy/paste:

[Fri Dec 08 11:00:25.551445 2023] [oauth2:debug] [pid 122904:tid 139718516180736] src/http.c(158): [client 10.140.239.208:60299] _oauth2_http_request_header_set_add_sanitized: Authorization: Bearer ----access token here----
