[annotator-dev] x-annotator-auth-token

Randall Leeds tilgovi at hypothes.is
Thu Mar 20 21:04:01 UTC 2014


Then it certainly seems like the token code might not be quite right.

Can you share the code you're using to generate the token?


On Thu, Mar 20, 2014 at 11:22 AM, Andrew MacDonald <
andrew_james_macdonald at yahoo.com> wrote:

> Thanks for the quick reply.
>
> 1) I'm using v.1.2.7
>
> 2) I would assume so. This is the extent of my Annotator configuration:
> $('#'+containerId).annotator().annotator('setupPlugins', {
>     tokenUrl: 'http://localhost:8080/base/token'
> });
>
> 3) I think so. For the token payload:
> consumerKey = my consumer key on annotateit.org
> userId = my user name on annotateit.org
>
> When I construct the actual token with JsonToken, I first have to
> construct the signer using HmacSHA256Signer (
> https://code.google.com/p/jsontoken/source/browse/trunk/src/main/java/net/oauth/jsontoken/crypto/HmacSHA256Signer.java).
> I pass it the following:
> issuer = same as userId above
> keyId = same as consumerKey above
> keyBytes = the bytes from my consumer secret
>
>
>   On Thursday, March 20, 2014 1:56 PM, Randall Leeds <tilgovi at hypothes.is>
> wrote:
>  Some questions
>
> - What version of Annotator?
>  - Are you using the default Store plugin in both cases?
>  - Just to be sure, are you using your credentials from your user page on
> annotateit.org to generate your token?
>
>
> On Thu, Mar 20, 2014 at 8:57 AM, Andrew MacDonald <
> andrew_james_macdonald at yahoo.com> wrote:
>
> Hello dev team,
>
> I'm having trouble getting my local authentication working with the
> AnnotateIt store.
>
> So far, I have produced a local authentication token endpoint, using the
> JsonToken Java library. This seems to work, as the Annotator plugin calls
> my endpoint and it returns a token (and the Annotator doesn't throw any
> "couldn't get auth token" errors). However, when I try to store an
> annotation on AnnotateIt I get a 401 unauthorized response. When I use the
> http://annotateit.org/api/token endpoint for authorization, everything
> works as expected. Comparing the headers between the two approaches, I
> notice that when using my local authentication, subsequent calls to
> AnnotateIt don't include the x-annotator-auth-token request header, which I
> assume is why I'm getting the unauthorized response.
>
> Any idea what I'm doing wrong? If you require more details please let me
> know.
>
> Thanks,
> Andrew
>
> _______________________________________________
> annotator-dev mailing list
> annotator-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/annotator-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/annotator-dev
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/annotator-dev/attachments/20140320/cb6c20fe/attachment-0004.html>


More information about the annotator-dev mailing list