[annotator-dev] x-annotator-auth-token

Fri Mar 21 17:01:26 UTC 2014

Initially I did see that warning, which stopped appearing after I included all the required fields in the token payload.

Sometimes when I load up my app, Annotator will only make one call to get the token, other times it will make hundreds of token calls in the span of a few seconds, so something is obviously wrong there. However, even when that happens, I'm not seeing any warnings in the console.

On Friday, March 21, 2014 12:56 AM, Randall Leeds <tilgovi at hypothes.is> wrote:

Do you see a warning in your script console, "Didn't get a valid token"?
Or if you see the Annotator making requests to your token URL every ten seconds, then it means the application isn't receiving it correctly.
I cannot see what is wrong with your code, if anything.

On Thu, Mar 20, 2014 at 2:18 PM, Andrew MacDonald <andrew_james_macdonald at yahoo.com> wrote:

I wouldn't be surprised if that were the case.
>
>
>Here's the code:
>1) The relevant code from my HttpServlet: http://pastebin.com/bgEWbKhE
>
>2) The JWTUtils code: http://pastebin.com/ryEQtLB0
>
>
>Andrew
>
>
>
>On Thursday, March 20, 2014 5:04 PM, Randall Leeds <tilgovi at hypothes.is> wrote:
> 
>Then it certainly seems like the token code might not be quite right.
>
>Can you share the code you're using to generate the token?
>
>
>
>
>On Thu, Mar 20, 2014 at 11:22 AM, Andrew MacDonald <andrew_james_macdonald at yahoo.com> wrote:
>
>Thanks for the quick reply.
>>
>>
>>1) I'm using v.1.2.7
>>
>>
>>2) I would assume so. This is the extent of my Annotator configuration:
>>$('#'+containerId).annotator().annotator('setupPlugins', {
>>    tokenUrl: 'http://localhost:8080/base/token'
>>});
>>
>>
>>3) I think so. For the token payload:
>>consumerKey = my consumer key on annotateit.org
>>userId = my user name on annotateit.org
>>
>>
>>When I construct the actual token with JsonToken, I first have to construct the signer using HmacSHA256Signer (https://code.google.com/p/jsontoken/source/browse/trunk/src/main/java/net/oauth/jsontoken/crypto/HmacSHA256Signer.java). I pass it the following:
>>issuer = same as userId above
>>keyId = same as consumerKey above
>>keyBytes = the bytes from my consumer secret
>>
>>
>>
>>On Thursday, March 20, 2014 1:56 PM, Randall Leeds <tilgovi at hypothes.is> wrote:
>> 
>>Some questions 
>>
>>
>>- What version of Annotator?
>> - Are you using the default Store plugin in both cases?
>> - Just to be sure, are you using your credentials from your user page on annotateit.org to generate your token?
>>
>>
>>
>>
>>On Thu, Mar 20, 2014 at 8:57 AM, Andrew MacDonald <andrew_james_macdonald at yahoo.com> wrote:
>>
>>Hello dev team,
>>>
>>>
>>>I'm having trouble getting my local authentication working with the AnnotateIt store.
>>>
>>>
>>>So far, I have produced a local authentication token endpoint, using the JsonToken Java library. This seems to work, as the Annotator plugin calls my endpoint and it returns a token (and the Annotator doesn't throw any "couldn't get auth token" errors). However, when I try to store an annotation on AnnotateIt I get a 401 unauthorized response. When I use the http://annotateit.org/api/token endpoint for authorization, everything works as expected. Comparing the headers between the two approaches, I notice that when using my local authentication, subsequent calls to AnnotateIt don't include the x-annotator-auth-token request header, which I assume is why I'm getting the unauthorized response.
>>>
>>>
>>>Any idea what I'm doing wrong? If you require more details please let me know.
>>>
>>>
>>>Thanks,
>>>Andrew
>>>_______________________________________________
>>>annotator-dev mailing list
>>>annotator-dev at lists.okfn.org
>>>https://lists.okfn.org/mailman/listinfo/annotator-dev
>>>Unsubscribe: https://lists.okfn.org/mailman/options/annotator-dev
>>>
>>>
>>
>>
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/annotator-dev/attachments/20140321/4bf96119/attachment-0004.html>