External rest data source authentication issue

edited October 15, 2019 in Questions
I am having trouble connecting to a rest data source. It seems to be connecting to the right end point, but the only field it returns is the "message" field and when I add the message field to a table, the message field populates with "Authorization has been denied for this request." I have checked my user name and password several times. I have tried different settings for the data connection, but they all result in error messages that the data resource could not be found. Any Ideas?
Β«1

Comments

  • JD BellJD Bell ✭✭
    edited March 16, 2018
    Do you know what the expected authentication/authorization flow of your REST service is? And how credentials/tokens are supposed to be passed to the service? If so, please let us know so that we can advise you on how to accomplish that with Skuid.

    ===

    More depth:

    REST service authentication/authorization can be very complicated.

    First, you need to determine how the REST service handles authentication and authorization.

    If the REST service uses OAuth (or something like it), then you will need to communicate with an authentication service to exchange your authentication credentials (e.g., username and password) for an authentication token. You'd then exchange the authentication token with your resource service to get an access token (basically, a session Id). Only when you have the access token can you begin requesting data from the service.

    Some REST services handle both authentication and authorization, but in separate steps. You'd call one function on the REST service to login, at which point you'd get an authorization or session token, then you'd use that token in lieu of credentials for your remaining requests.

    Some REST services simply expect your credentials with every single request, and re-verify those credentials every time a function is called.

    Once you've figured out your authentication/authorization flow, you still need to determine how the REST service expects to receive those credentials/tokens. Should they be included as URL parameters, in the request header, in the body? While some authentication flows have a specification (like OAuth and HTTP Basic Authentication), there's no guarantee that your service perfectly obeys those specs. For example, popular services like Facebook have authentication flows that closely resemble OAuth but are different enough to be incompatible.

    Skuid was designed to be very flexible and work with a wide variety of authentication/authorization flows, so once you've determine the correct way to authenticate/authorize your user with the service, it should be possible to set that up in Skuid.
  • edited October 15, 2019
    Thank you for the response. Your explanation helped me understand what is happening ( I think). Authentication seems to be working with "Shared User Name: Separate Authentication URL", but then I need to retrieve the token and pass it in the header of each call. I see the Headers to send with every request section, but I can't do anything with it. Under "Object" the only thing listed is "Blank Object". Any guidance on how I can accomplish the connection would be greatly appreciated. Thanks
  • edited March 1, 2017
    Hi Raymond,

    The JSON Editor that we have right now is pretty unintuitive. You have to click on the "menu" icon to the left of the (empty object) label. Then you can click "Append". After that, you can put in the headers that you need. For the "value" part of the header, you will probably want to merge in a value from your previous authentication request. It will be something like this...


    {{$Auth.Response.Body.myToken}}

    or this...

    {{$Auth.Response.Headers.myResponseHeader}}
  • edited October 15, 2019
    Ok, thanks. I tried both of those header values and got no satisfaction. Is there a way to find what the merge variable would be for my particular case? My auth URL end point is /security/token if that helps.... Thanks
  • edited March 1, 2017
    You will need to inspect the payload and headers that come back from the request to /security/token. If you can post that here (scrub out any tokens or credentials), then I can probably tell you what your merge value needs to be. Also, it's important what your service is expecting in terms of the token. A lot of times it's a header called "Authorization" and then the value would be "Bearer {{$Auth.Response.Body.access_token}}. But this really varies from service to service. Is your service a public one that I could take a look at the documentation?
  • edited October 15, 2019
    Thanks. Here is the API documentation: https://github.com/orionadvisor
  • edited March 1, 2017
    Hi Raymond,

    I looked through the documentation, but couldn't find anything about the /security/token endpoint. Usually there's a section of the documentation that talks about how to authenticate.
  • edited October 15, 2019
    Thanks Ben, these are the header requirements: This goes in an 'Authorization' header: 'Basic '+EncodingUtil.base64Encode(Blob.valueOf(userName+':'+password)) Any help of how I would formulate that would be greatly appreciated.
  • edited March 1, 2017
    Oh, that's just basic http auth. We have that built in! Just use the basic http auth setting and enter your shared username and password. Per user credential storage is coming in an upcoming release.
  • edited October 15, 2019
    Thanks Ben, but when I use the basic setting, then I go to the page I am trying to build, on page load of the page builder, I get this error message: . "Error retrieving metadata for Model(s) associated with Data Source 'OrionConnect'. Please check Models' properties to ensure they are set correctly. Error connecting to REST Data Source at URL "https://api.orionadvisor.com/api/v1/portfolio/accounts": Unauthorized". That is why I switched to the separate auth URL setting. When on this setting, I don't get the error message. I also don't get any data, so maybe it is the same thing....
  • edited March 1, 2017
    Do you know what version of Skuid you have installed?
  • edited October 15, 2019
    7.27
  • edited March 1, 2017
    Hmm, that's strange. It seems like it should be working unless your username and password are somehow wrong.
  • edited October 15, 2019
    Yes, strange. I have checked it many times. I can use the same credentials to log in directly to their application and into their API tester and both work fine.
  • edited October 15, 2019
    Could you show me how I would create the basic header and I can try using the Separate Auth URL setting?
  • JD BellJD Bell ✭✭
    edited March 16, 2018
    Hey Raymond,

    Based on the sample code in the GitHub repro, it looks like you must first connect to security/token using Basic authentication (putting the username and password in the Authorization header). The response you get back will be a JSON object with a property namedΒ access_token.

    You would then include the access token in your API calls in the Authorization header, using something like "Session ".

    To support this with Skuid, select the separate authentication URL option. (https://api.orionadvisor.com/api/v1/security/token)

    In the headers to send with the auth request, add the Authorization header with a value of "Basic {{$Auth.BasicAuth}}".

    Then, in your headers to send with every request, include an Authorization header with the value "Session {{$Auth.Response.Body.access_token}}".

    If my reading of the sample code for this project is correct, then the above should work for you. But you'll need to check with the REST API developer/owner, since I could not find any documentation to back this up.
  • edited October 15, 2019
    Thanks for the help on this. When setting up the headers, there is a "field" and a "value" . What should I be entering as "field"?
  • JD BellJD Bell ✭✭
    edited March 16, 2018
    Assuming I understand the REST service correctly: Field = "Authorization", Value = "Session {{$Auth.Body.access_token}}"
  • edited October 15, 2019
    That is what I assumed. No luck. I thank you for your help. I'll have to go to the developer. I doubt I will get their attention before January. I'll post back here if I get this resolved. One last question. Is there a way to see what the actual get request Skuid is sending looks like? Happy Holidays!
  • edited October 15, 2019
    Merry Christmas Eve, The API developer got back to me with the following links for more info: http://forum.riadevelopers.com/post/authenticate-to-the-webapi-basic-7180224 http://forum.riadevelopers.com/post/orion-webapi-getting-started-guide-7019125 To authenticate, Call [GET] https://testapi.orionadvisor.com/api/v1/security/token Include a Basic authorization header with the userid/pwd base 64 encoded: [Header] Authorization: Basic {uid}:{pwd} returns an "auth_token" The auth_token can then be used for all other api calls. [Header] Authorization: Session
  • edited October 15, 2019
    HI. I'm still having issues with this. I just worked on it with my Salesforce Developer who has successfully build integrations with this API outside of Skuid. He reviewed your comments and my settings and says that everything is set correctly as far as we are able to tell. We can't actually see what is happening behind the scenes. The flow that JD Bell laid out in his comment is correct. Here is a screenshot of my settings. Still no satisfaction.... image
  • edited October 15, 2019
    Thanks Matt! I ran through this and the json is showing a post method instead of a get method. The tutorial, and my Salesforce developer indicate it should be a get. My model, however, is set to: Service Access Method = Get, so I'm not sure why it is using a post method
  • edited January 11, 2016
    Hi Raymond, I took a look at this. Right now Skuid is always sending the authentication part of the request as POST no matter what. We need to add an "Authentication Verb" option to the authentication options. I'll try to get this added to our next update. But that probably wont be out for another 3-4 weeks.
  • edited October 15, 2019
    This reply was created from a merged topic originally titled External data issue. Hello, I'm still seeking help with this issue. I think it may be a problem with Skuid, so I marked this post as "Problem". I am unable to connect to an external rest interface. Several community members tried to help and I ran a JSON diaginostic and found that my page is generating a post method instead of a get method. My Skuid page is set to method=Get, though. If anyone in Skuidland can help me out, I would greatly appreciate it. The details can be found in the below post:

    https://community.skuidify.com/skuid/...

    Thanks!
  • edited December 7, 2016
    Ok, thanks Ben.
  • edited February 10, 2016
    Hi Raymond, as of Banzai Update 7, you can now send authentication requests with GET.
    http://www.skuidify.com/skuidreleases
  • edited December 7, 2016
    I'm excited to try it! Thanks for the hard work.
  • edited December 7, 2016
    Unfortunately no satisfaction on this. I changed the verb to GET, but I still get this error when I load the page with the model based on the service in page builder: 1. Error retrieving metadata for Model(s) associated with Data Source 'OrionConnect'. Please check Models' properties to ensure they are set correctly. Error connecting to REST Data Source at URL "https://api.orionadvisor.com/api/v1/portfolio/accounts": Unauthorized I checked my user ID and password several times and they are correct.
  • Zach McElrathZach McElrath Principal Software Engineer Chattanooga, TN πŸ’ŽπŸ’ŽπŸ’Ž
    edited December 21, 2016
    Raymond, in your Common Request Headers, the following is invalid and will not return anything: {{$Auth.Body.access_token}}. Replace it with this:

    Session {{$Auth.Response.Body.access_token}}
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!