[annotator-dev] TokenUrl problem

Tue Oct 13 21:39:42 UTC 2015

Yes, it seems to get the token from the server ok, I see it come back in
the response in Firebug but then it doesn't seem to use it for the POST.

On 13 October 2015 at 19:54, Randall Leeds <randall at bleeds.info> wrote:

> That is very strange. Does tokenUrl make a request for the token from your
> server or does it not even get that far?
>
> On Tue, Oct 13, 2015 at 7:45 AM Andy Kinge <kinge.andy at gmail.com> wrote:
>
>> Hi Randall,
>>
>> Here are the headers from the tokenUrl response:
>>
>> HTTP/1.1 200 OK
>> Date: Tue, 13 Oct 2015 14:25:43 GMT
>> Server: Apache/2.4.10 (Debian)
>> Access-Control-Allow-Origin: http://dangerousideassouthampton.org.uk
>> Access-Control-Expose-Headers: Location, Content-Type, Content-Length
>> Access-Control-Allow-Credentials: true
>> Vary: Accept-Encoding
>> Content-Encoding: gzip
>> Content-Length: 221
>> Keep-Alive: timeout=5, max=100
>> Connection: Keep-Alive
>> Content-Type: text/plain; charset=utf-8
>>
>> I'm using the python code from the Authentication docs to generate the token, just adding the Content-Type and CORS headers.
>>
>>
>> On 12 October 2015 at 23:05, Randall Leeds <randall at bleeds.info> wrote:
>>
>>> Can you paste the full headers of the tokenUrl response?
>>>
>>> On Mon, Oct 12, 2015 at 2:19 PM Andy Kinge <kinge.andy at gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I'm attempting to use v1.2.10 (i.e. latest stable) of annotator on a
>>>> single page on my own website, using annotateit.org for storage and
>>>> with my own token generator to provide delegated authentication so that
>>>> many people can annotate the page.
>>>>
>>>> I thought I had wired it all together correctly, but I'm finding that I
>>>> can't authenticate with http://annotateit.org/api/annotations if I use
>>>> tokenUrl in the config, like so:
>>>>
>>>> jQuery(function ($) {
>>>>     $('#content').annotator().annotator('addPlugin', 'Auth', {
>>>> tokenUrl: 'http://mydomain/cgi-bin/token' });
>>>>     ...
>>>>
>>>> POST http://annotateit.org/api/annotations 401 UNAUTHORIZED
>>>>
>>>> "Cannot authorize request (create annotation). Perhaps you're not logged in as a user with appropriate permissions on this annotation? (user=None, consumer=None)"
>>>>
>>>> however, if I take the token generated by my generator and paste it
>>>> directly in the config like this:
>>>>
>>>>  $('#content').annotator().annotator('addPlugin', 'Auth', { token:
>>>> 'eyJhbGciOiJIUzI1***************'}); /*token redacted for this example */
>>>>
>>>> then I can authenticate, create annotations and they are persisted as
>>>> expected.
>>>>
>>>> I've noticed that in the latter case, the token is passed to the
>>>> annotations endpoint in an x-annotator-auth-token header, but with
>>>> tokenUrl this doesn't happen.
>>>>
>>>> I've obviously missed something basic, but I can't for the life of me
>>>> see why it's not working, any pointers would be gratefully received!
>>>>
>>>> Thanks
>>>>
>>>> Andy
>>>> _______________________________________________
>>>> annotator-dev mailing list
>>>> annotator-dev at lists.okfn.org
>>>> https://lists.okfn.org/mailman/listinfo/annotator-dev
>>>> Unsubscribe: https://lists.okfn.org/mailman/options/annotator-dev
>>>>
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/annotator-dev/attachments/20151013/e30ac5cf/attachment-0004.html>