[annotator-dev] TokenUrl problem

Andy Kinge kinge.andy at gmail.com
Tue Oct 13 14:45:09 UTC 2015

Hi Randall,

Here are the headers from the tokenUrl response:

HTTP/1.1 200 OK
Date: Tue, 13 Oct 2015 14:25:43 GMT
Server: Apache/2.4.10 (Debian)
Access-Control-Allow-Origin: http://dangerousideassouthampton.org.uk
Access-Control-Expose-Headers: Location, Content-Type, Content-Length
Access-Control-Allow-Credentials: true
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 221
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain; charset=utf-8

I'm using the python code from the Authentication docs to generate the
token, just adding the Content-Type and CORS headers.

On 12 October 2015 at 23:05, Randall Leeds <randall at bleeds.info> wrote:

> Can you paste the full headers of the tokenUrl response?
> On Mon, Oct 12, 2015 at 2:19 PM Andy Kinge <kinge.andy at gmail.com> wrote:
>> Hi,
>> I'm attempting to use v1.2.10 (i.e. latest stable) of annotator on a
>> single page on my own website, using annotateit.org for storage and with
>> my own token generator to provide delegated authentication so that many
>> people can annotate the page.
>> I thought I had wired it all together correctly, but I'm finding that I
>> can't authenticate with http://annotateit.org/api/annotations if I use
>> tokenUrl in the config, like so:
>> jQuery(function ($) {
>>     $('#content').annotator().annotator('addPlugin', 'Auth', { tokenUrl: '
>> http://mydomain/cgi-bin/token' });
>>     ...
>> POST http://annotateit.org/api/annotations 401 UNAUTHORIZED
>> "Cannot authorize request (create annotation). Perhaps you're not logged in as a user with appropriate permissions on this annotation? (user=None, consumer=None)"
>> however, if I take the token generated by my generator and paste it
>> directly in the config like this:
>>  $('#content').annotator().annotator('addPlugin', 'Auth', { token:
>> 'eyJhbGciOiJIUzI1***************'}); /*token redacted for this example */
>> then I can authenticate, create annotations and they are persisted as
>> expected.
>> I've noticed that in the latter case, the token is passed to the
>> annotations endpoint in an x-annotator-auth-token header, but with
>> tokenUrl this doesn't happen.
>> I've obviously missed something basic, but I can't for the life of me see
>> why it's not working, any pointers would be gratefully received!
>> Thanks
>> Andy
>> _______________________________________________
>> annotator-dev mailing list
>> annotator-dev at lists.okfn.org
>> https://lists.okfn.org/mailman/listinfo/annotator-dev
>> Unsubscribe: https://lists.okfn.org/mailman/options/annotator-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/annotator-dev/attachments/20151013/1c4702a1/attachment-0004.html>

More information about the annotator-dev mailing list