Server Error: Unauthorized #15

Closed
itamair opened this issue Aug 13, 2021 · 30 comments

itamair commented Aug 13, 2021

As a follow-up to the resolution of #14, I now hit this error on http://localhost:3000

Screenshot 2021-08-14 at 00 17 36

Author

itamair commented Aug 13, 2021

Any idea of how to solve this?

Collaborator

shadcn commented Aug 14, 2021

Can you verify if the DRUPAL_CLIENT_ID and DRUPAL_CLIENT_SECRET are correct?

Collaborator

shadcn commented Aug 14, 2021

Any errors in the Drupal logs?

Author

itamair commented Aug 15, 2021

I have set up only 1 user, that is the default one, with the following parameters:
UUID: 87d125fd-2f98-43e7-9ff3-18d1755f8037
New Secret: secret
(last one is stored as Hash in the DB, of course).

Screenshot 2021-08-15 at 12 10 18

And I am using the following data in the env.local file (of the NextJs client app):

NEXT_PUBLIC_DRUPAL_BASE_URL=https://drupal-site.ddev.site
NEXT_IMAGE_DOMAIN=drupal-site.ddev.site
DRUPAL_SITE_ID=1ccd4bc4-bbc6-4c19-a816-c7d100feff02
DRUPAL_FRONT_PAGE=/node/6
DRUPAL_PREVIEW_SECRET=secret
DRUPAL_CLIENT_ID=87d125fd-2f98-43e7-9ff3-18d1755f8037
DRUPAL_CLIENT_SECRET=secret

NODE_TLS_REJECT_UNAUTHORIZED=0

I can see the following error log in the Drupal site once I try to run http://localhost:3000:

League\OAuth2\Server\Exception\OAuthServerException: Client authentication failed in League\OAuth2\Server\Exception\OAuthServerException::invalidClient() (line 154 of /var/www/html/vendor/league/oauth2-server/src/Exception/OAuthServerException.php).

I am not an expert in the simple_oauth module with JSONAPI, but I am wondering whether the lack of any generated token could mean something here ...

Screenshot 2021-08-15 at 12 15 07

Simple OAuth settings look like the following (and I can see the generated keys in my "sites/default/files/private" folder) ...

Screenshot 2021-08-15 at 12 18 52

Collaborator

shadcn commented Aug 15, 2021

hmm, did you configure a user for the client?

Author

itamair commented Aug 16, 2021

Yes I did ...

Screenshot 2021-08-16 at 11 06 37

The itamair user is an administrator and also has the "Next site previewer" role ...

Screenshot 2021-08-16 at 11 07 14

Author

itamair commented Aug 16, 2021

I am concerned there is something wrong with the OAuth module settings (and I still don't get what, as I am not able to xdebug it right now).
But when I visit this GET route: /oauth/debug
I receive the following outcome:

{"message":"The used authentication method is not allowed on this route."}

Should something be properly set on the Rest Resources (/admin/config/services/rest) or somewhere else on JSONAPI that is not mentioned in the Quickstart guide???

Author

itamair commented Aug 16, 2021

It is also worth mentioning (maybe it is relevant to this issue) that still no oauth2 token entity has been created in my Drupal BE, and I don't know how it should be created ...

Screenshot 2021-08-16 at 12 19 51

Author

itamair commented Aug 16, 2021

Ah! Finally I was able to get (almost) all of this working ...
I was totally missing the proper setup of the OAuth module and the generation of access tokens ...
Basically I had to properly follow the Quick demo (Password Grant) section of the OAuth2 module and some of its video tutorials.

For the sake of sharing my findings: after creating a consumer Client Application, it is crucial to properly generate the Access Tokens with a POST request of the following type:

curl -X "POST" "https://drupal-site.ddev.site/oauth/token" \
     -H 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \
     --data-urlencode "grant_type=password" \
     --data-urlencode "client_id=[client_id]" \
     --data-urlencode "client_secret=[client_secret]" \
     --data-urlencode "scope=[scope]" \
     --data-urlencode "username=[username]" \
     --data-urlencode "password=[password]"

I think a reference to all this OAuth module setup (and generation of access tokens) should be mentioned in the Quickstart guide & repo documentation, for all those who (like me) are not experts in the Drupal OAuth module.

Collaborator

shadcn commented Aug 17, 2021

Thanks for the update and the fix @itamair. I'll update the documentation.

If you have any other suggestions on how we can improve the onboarding/setup process, you can ping me.

@testevez

I have the same issue. I used this thread to get a proper response via Postman. However, the issue remains. I feel like the issue is with the keys, but I am not sure how to fix it. I have tried generating the keys in admin/config/people/simple_oauth as well as via CLI as per the instructions in https://www.drupal.org/project/simple_oauth; neither results in a fix for me. I will be watching this thread for updates, thanks.

@theRuslan
Contributor

I had the same problem on an old test installation, and it was gone after re-creating the credentials on the Drupal side (IDs and secrets, but not the certificates) and updating the .env.local file accordingly.

A fresh installation following the guide worked fine (https://next-drupal.org/docs/quick-start).

Juc1 commented Sep 17, 2021

> Thanks for the update and the fix @itamair. I'll update the documentation.

Hi all, were the docs https://next-drupal.org/docs/quick-start updated, or do I need to do extra OAuth2 stuff as mentioned by @itamair?

Collaborator

shadcn commented Sep 17, 2021

@Juc1 I've not updated the docs yet. Are you facing the same issues?

Juc1 commented Sep 17, 2021

@shadcn yes I am getting "Error:Unauthorised" like itamair's screenshot at the top of this issue.

janoka commented Sep 22, 2021

Hi Guys,
I've the same error:
CleanShot 2021-09-22 at 21 18 38

I also tested with Postman, and Drupal had generated the Bearer access_token.

It seems to me the client tries to use Basic authentication, but OAuth2 accepts username and password only in the body.

Collaborator

shadcn commented Oct 4, 2021

I noticed this issue when I created a client/consumer before generating the (private and public) keys.

I fixed this by deleting the consumer and recreating it again.

@simon-olsen

Had the same issue and I recreated the Consumer, regenerated the keys and it started working for me.

FYI @itamair I created a /certs folder at the root of my Drupal project, same level as the /web directory (ie. outside the Drupal root or webroot) and set the Directory for the keys to .../certs

I see yours are in a private folder - perhaps the above method might be better.

> This is the directory where the public and private keys will be stored after generation. This SHOULD be located outside of your webroot to avoid making them public unintentionally

KojoEnch commented Oct 30, 2021

Had the same issue, tried all of the above solutions: generated token with curl, deleted and recreated consumer...

I'm using ddev for Drupal and I could solve it after I filled the NEXT_PUBLIC_DRUPAL_BASE_URL and NEXT_IMAGE_DOMAIN values with the http url (e.g. http://myblog.site:8008) instead of the https one (https://myblog.ddev.site).

By the way, I then stumbled on Not found errors, whether on the homepage or after creating some content. Even if it sounds obvious afterwards, I suggest that you mention in the quick start guide to enable the JSON:API module and any other required dependencies.
When we follow such a doc we sometimes tend to do it blindly and expect it will work as is...

Thanks for this promising repo and the amazing work done !

Collaborator

shadcn commented Oct 31, 2021

> ... I suggest that you mention in the quick start guide, to enable Json Api module, and any other required dependencies.

The Next.js JSON:API module lists the JSON:API module as a dependency. I'll update the docs.

@KojoEnch I've been wanting to try ddev for a while. Are you running both Drupal and the Next.js site on the same setup? Mind sharing your config?

Thanks for the feedback. Appreciate the feedback.

KojoEnch commented Nov 1, 2021

Well, I just use the ddev default config. I have been using ddev most of the time for a while now and recommend it, since it provides a full containerized dev env for each project in less than a minute.

So I made a new fresh install following your quick start guide this morning, and I can confirm that for ddev users, the install problem comes from the https. I think node complains about self-signed certificates; I've had the same problem in a previous hand-made drupal + next config. There are ways to set that up, but this is beyond the scope of that issue. So for a clean install with ddev:

  • install ddev globally
  • composer create-project drupal/recommended-project drupal-site
  • cd drupal-site && ddev config --http-port=8008 (any unused custom port to avoid conflicts)
  • ddev describe : check all the urls provided to access the project, as well as mailhog, phpmyadmin ... and pick the http one for next config
  • go to the https one and install the site.
  • composer require drush/drush
  • composer require drupal/next:1.0.0-beta6
  • ddev exec drush en next next_jsonapi -y (run drush from inside the container)

Then follow the install from https://next-drupal.org/docs/quick-start#4-create-site until the .env.local step and fill in NEXT_PUBLIC_DRUPAL_BASE_URL with the ddev http url: NEXT_PUBLIC_DRUPAL_BASE_URL=http://drupal-site.ddev.site:8001

No extra steps needed: the tokens are properly set when we access the front site, and the front page is accessible without error.

Collaborator

shadcn commented Nov 1, 2021

@KojoEnch Thank you. I'll add this to the documentation.

Peppe87 commented Dec 14, 2021

I'm starting to test this tool on Drupal 9.3. I'm also using ddev.

I too had a Server Error: Unauthorized error, until I did a POST request, as in itamair's example in a post above. Subsequently, the next.js site started to work.

It was not necessary for me to use the http url. In other words, NEXT_PUBLIC_DRUPAL_BASE_URL=https://drupal9-site.ddev.site works fine for me.

@darrenoh

I'm seeing new tokens being created every time the front end refreshes. Also seeing this error in the Drupal log:

ArgumentCountError: Too few arguments to function Drupal\simple_oauth\Entities\AccessTokenEntity::convertToJWT(), 0 passed in /var/www/html/vendor/league/oauth2-server/src/Entities/Traits/AccessTokenTrait.php on line 78 and exactly 1 expected in Drupal\simple_oauth\Entities\AccessTokenEntity->convertToJWT() (line 21 of /var/www/html/web/modules/contrib/simple_oauth/src/Entities/AccessTokenEntity.php)

Collaborator

shadcn commented Dec 16, 2021

@darrenoh this error is a known issue in the Simple OAuth module. See:

Can you create a separate issue to track the token generation issue please?

Thank you

@shakilahmad46

I followed all the above comments and the quick start guide but still, the issue remains.
Uploading Screen Shot 2022-03-25 at 12.34.50 AM.png…

@simon-olsen

> Had the same issue and I recreated the Consumer, regenerated the keys and it started working for me.

Did you try deleting and recreating the consumer?

@theodorosploumis

I had the same issue as above.
For me the problem was the usage of http instead of https. The Drupal site was using https and the call with http was only redirected to https with a GET request. So POST requests to http were not allowed!

The Drupal error log was:

Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException: No route found for "GET /oauth/token": Method Not Allowed (Allow: POST) in 
Symfony\Component\HttpKernel\EventListener\RouterListener->onKernelRequest() (line 140 of /vendor/symfony/http-kernel/EventListener/RouterListener.php).

I also think that the tool from https://github.com/shadcn/next-drupal-debug should be included on the main repository as a tool...
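
Added example, not part of any comment above and not code from next-drupal: a Node.js lint of a `.env.local` for settings that appear in this thread, namely an `http://` base URL (the POST to `/oauth/token` becomes a GET when the site redirects to https), `NODE_TLS_REJECT_UNAUTHORIZED=0`, and placeholder secrets. `SAMPLE_ENV`, the function names and the 16-character minimum are assumptions made for illustration.

```javascript
// Constructed sample input; hostnames and values are placeholders, not from a real site.
const SAMPLE_ENV = `
NEXT_PUBLIC_DRUPAL_BASE_URL=http://drupal-site.ddev.site
DRUPAL_PREVIEW_SECRET=secret
DRUPAL_CLIENT_ID=00000000-0000-0000-0000-000000000000
DRUPAL_CLIENT_SECRET="secret"
NODE_TLS_REJECT_UNAUTHORIZED=0
`;

// Parse KEY=VALUE lines; skip blanks and # comments, strip matching quotes.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf("=");
    if (!line || line.startsWith("#") || eq < 1) continue;
    const value = line.slice(eq + 1).trim().replace(/^(['"])(.*)\1$/, "$2");
    env[line.slice(0, eq).trim()] = value;
  }
  return env;
}

// Assumed policy for this example: secrets shorter than 16 characters are flagged.
const MIN_SECRET_LENGTH = 16;

function lintEnv(text) {
  const env = parseEnv(text);
  const findings = [];
  let base = null;
  try {
    base = new URL(env.NEXT_PUBLIC_DRUPAL_BASE_URL);
  } catch {
    findings.push("base-url-invalid");
  }
  // If Drupal redirects http to https, the client follows the redirect with
  // GET, and /oauth/token answers "Method Not Allowed (Allow: POST)".
  if (base && base.protocol !== "https:") findings.push("base-url-not-https");
  // "0" turns off TLS certificate verification for every request Node makes.
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === "0") findings.push("tls-verification-disabled");
  for (const [key, value] of Object.entries(env)) {
    if (!key.endsWith("_SECRET")) continue;
    if (value.length < MIN_SECRET_LENGTH || /^(secret|password|changeme)$/i.test(value)) {
      findings.push(`weak-secret:${key}`);
    }
  }
  return findings;
}

console.log(lintEnv(SAMPLE_ENV));
```

For a self-signed development certificate, Node's `NODE_EXTRA_CA_CERTS` variable can point at the CA file so that certificate verification stays on.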

Collaborator

shadcn commented Jul 3, 2022

@itamair I'm going to close this as done/stale. Feel free to reopen if not. Thank you.

shadcn closed this as completed Jul 3, 2022

@queenvictoria

I appreciate that this is closed. However just adding one more scenario that causes this error that I solved using this thread (the curl process above).

My Drupal salt was too short. The error message I received eventually was:

{
     "error": "server_error",
     "error_description": "The authorization server encountered an unexpected condition which prevented it from fulfilling the request: Hash salt must be at least 32 characters long.",
     "message": "The authorization server encountered an unexpected condition which prevented it from fulfilling the request: Hash salt must be at least 32 characters long."
}
