Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature request OAPIF: support for API-keys via query for API implementing OGC API - Features #2873

Closed
heidivanparys opened this issue Aug 20, 2020 · 3 comments
Closed

Feature request OAPIF: support for API-keys via query for API implementing OGC API - Features #2873

heidivanparys opened this issue Aug 20, 2020 · 3 comments

Comments

@heidivanparys
Copy link
Contributor

heidivanparys commented Aug 20, 2020
edited
Loading

Expected behavior and requested behavior.

When adding a service that implements OGC API - Features and that needs an API-key for implementation, the api-key is stripped of the URL when the driver looks for a specific collection, resulting in a 403 error when that collection is secured. It would be great if the api-key parameter would not be stripped off.

Steps to reproduce the problem.

OGC API - Features service with an API that could look like this (api-key used for all the paths that go deeper than /collections).

image

(see also http://spec.openapis.org/oas/v3.0.3#securitySchemeObject and http://spec.openapis.org/oas/v3.0.3#non-oauth2-security-requirement)

Even when adding ?api-key=myApiKey to the landing page URL, trying to add the features of a collection like that results in

WARNING Download of collection description failed: Error transferring https://link.to.com/v2/data/collections/collectionId - server replied: Forbidden

Operating system

N/A

GDAL version and provenance

3.2.0

Tested via QGIS:

QGIS version 3.15.0-Master QGIS code revision 0bd81d27c6
Compiled against Qt 5.11.2 Running against Qt 5.11.2
Compiled against GDAL/OGR 3.2.0dev Running against GDAL/OGR 3.2.0dev
Compiled against GEOS 3.8.1-CAPI-1.13.3 Running against GEOS 3.8.1-CAPI-1.13.3
Compiled against SQLite 3.29.0 Running against SQLite 3.29.0
PostgreSQL Client Version 11.5 SpatiaLite Version 4.3.0
QWT Version 6.1.3 QScintilla2 Version 2.10.8
Compiled against PROJ 7.2.0 Running against PROJ Rel. 7.2.0, November 1st, 2020
OS Version Windows 10 (10.0) This copy of QGIS writes debugging output.
Active python plugins db_manager; MetaSearch; processing
@heidivanparys heidivanparys changed the title Feature request: support for API-keys via query for API implementing OGC API - Features Feature request OAPIF: support for API-keys via query for API implementing OGC API - Features Aug 20, 2020
@rouault
Copy link
Member

rouault commented Aug 20, 2020

Actually I believe this should already work per aad2cbc
This would need the exact URL to reproduce the issue. (you can email me at even.rouault at spatialys.com)

rouault added a commit to rouault/QGIS that referenced this issue Aug 21, 2020
@rouault
[OAPIF provider] Avoid crash when service description page lacks emai…
fc3fb75 
…l or url in contact object

Found when investigating OSGeo/gdal#2873
but doesn't address it
@rouault rouault mentioned this issue Aug 21, 2020
Merged
rouault added a commit that referenced this issue Aug 21, 2020
@rouault
OAPIF: avoid re-adding user query parameters if they are found in URL…
0949a99 
…s returned by the API (relates to #2873)
@rouault
Copy link
Member

rouault commented Aug 21, 2020

With the service URL provided, I can confirm this is not a GDAL issue, but a QGIS issue. GDAL works fine (with a minor caveat addressed in commit 0949a99), but QGIS doesn't indeed. QGIS doesn't use the GDAL OAPIF provider, but has its own code. Could you reopen this issue on https://github.com/qgis/QGIS instead ?

@rouault rouault closed this as completed Aug 21, 2020
rouault added a commit that referenced this issue Aug 21, 2020
@rouault
OAPIF: avoid re-adding user query parameters if they are found in URL…
2cce67b 
…s returned by the API (relates to #2873)
nyalldawson pushed a commit to qgis/QGIS that referenced this issue Aug 22, 2020
@rouault @nyalldawson
[OAPIF provider] Avoid crash when service description page lacks emai…
4e0f64f 
…l or url in contact object

Found when investigating OSGeo/gdal#2873
but doesn't address it
@heidivanparys
Copy link
Contributor Author

@rouault Thanks for looking at this. I opened a new issue: qgis/QGIS#38436.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rouault @heidivanparys