[annotator-dev] TokenUrl problem

Andy Kinge kinge.andy at gmail.com
Mon Oct 12 21:19:20 UTC 2015


I'm attempting to use v1.2.10 (i.e. latest stable) of annotator on a single
page on my own website, using annotateit.org for storage and with my own
token generator to provide delegated authentication so that many people can
annotate the page.

I thought I had wired it all together correctly, but I'm finding that I
can't authenticate with http://annotateit.org/api/annotations if I use
tokenUrl in the config, like so:

jQuery(function ($) {
    $('#content').annotator().annotator('addPlugin', 'Auth', { tokenUrl: '
http://mydomain/cgi-bin/token' });

POST http://annotateit.org/api/annotations 401 UNAUTHORIZED

"Cannot authorize request (create annotation). Perhaps you're not
logged in as a user with appropriate permissions on this annotation?
(user=None, consumer=None)"

however, if I take the token generated by my generator and paste it
directly in the config like this:

 $('#content').annotator().annotator('addPlugin', 'Auth', { token:
'eyJhbGciOiJIUzI1***************'}); /*token redacted for this example */

then I can authenticate, create annotations and they are persisted as

I've noticed that in the latter case, the token is passed to the
annotations endpoint in an x-annotator-auth-token header, but with tokenUrl
this doesn't happen.

I've obviously missed something basic, but I can't for the life of me see
why it's not working, any pointers would be gratefully received!


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/annotator-dev/attachments/20151012/7c002428/attachment-0003.html>

More information about the annotator-dev mailing list