[annotator-dev] x-annotator-auth-token

Andrew MacDonald andrew_james_macdonald at yahoo.com
Thu Mar 20 18:22:37 UTC 2014

Thanks for the quick reply.

1) I'm using v.1.2.7

2) I would assume so. This is the extent of my Annotator configuration:
$('#'+containerId).annotator().annotator('setupPlugins', {
    tokenUrl: 'http://localhost:8080/base/token'

3) I think so. For the token payload:
consumerKey = my consumer key on annotateit.org
userId = my user name on annotateit.org

When I construct the actual token with JsonToken, I first have to construct the signer using HmacSHA256Signer (https://code.google.com/p/jsontoken/source/browse/trunk/src/main/java/net/oauth/jsontoken/crypto/HmacSHA256Signer.java). I pass it the following:
issuer = same as userId above
keyId = same as consumerKey above
keyBytes = the bytes from my consumer secret

On Thursday, March 20, 2014 1:56 PM, Randall Leeds <tilgovi at hypothes.is> wrote:
Some questions 

- What version of Annotator?
 - Are you using the default Store plugin in both cases?
 - Just to be sure, are you using your credentials from your user page on annotateit.org to generate your token?

On Thu, Mar 20, 2014 at 8:57 AM, Andrew MacDonald <andrew_james_macdonald at yahoo.com> wrote:

Hello dev team,
>I'm having trouble getting my local authentication working with the AnnotateIt store.
>So far, I have produced a local authentication token endpoint, using the JsonToken Java library. This seems to work, as the Annotator plugin calls my endpoint and it returns a token (and the Annotator doesn't throw any "couldn't get auth token" errors). However, when I try to store an annotation on AnnotateIt I get a 401 unauthorized response. When I use the http://annotateit.org/api/token endpoint for authorization, everything works as expected. Comparing the headers between the two approaches, I notice that when using my local authentication, subsequent calls to AnnotateIt don't include the x-annotator-auth-token request header, which I assume is why I'm getting the unauthorized response.
>Any idea what I'm doing wrong? If you require more details please let me know.
>annotator-dev mailing list
>annotator-dev at lists.okfn.org
>Unsubscribe: https://lists.okfn.org/mailman/options/annotator-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/annotator-dev/attachments/20140320/04d24c90/attachment-0004.html>

More information about the annotator-dev mailing list