Hi Randall, Here are the headers from the tokenUrl response:
HTTP/1.1 200 OK Date: Tue, 13 Oct 2015 14:25:43 GMT Server: Apache/2.4.10 (Debian) Access-Control-Allow-Origin: http://dangerousideassouthampton.org.uk Access-Control-Expose-Headers: Location, Content-Type, Content-Length Access-Control-Allow-Credentials: true Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 221 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/plain; charset=utf-8 I'm using the python code from the Authentication docs to generate the token, just adding the Content-Type and CORS headers. On 12 October 2015 at 23:05, Randall Leeds <rand...@bleeds.info> wrote: > Can you paste the full headers of the tokenUrl response? > > On Mon, Oct 12, 2015 at 2:19 PM Andy Kinge <kinge.a...@gmail.com> wrote: > >> Hi, >> >> I'm attempting to use v1.2.10 (i.e. latest stable) of annotator on a >> single page on my own website, using annotateit.org for storage and with >> my own token generator to provide delegated authentication so that many >> people can annotate the page. >> >> I thought I had wired it all together correctly, but I'm finding that I >> can't authenticate with http://annotateit.org/api/annotations if I use >> tokenUrl in the config, like so: >> >> jQuery(function ($) { >> $('#content').annotator().annotator('addPlugin', 'Auth', { tokenUrl: ' >> http://mydomain/cgi-bin/token' }); >> ... >> >> POST http://annotateit.org/api/annotations 401 UNAUTHORIZED >> >> "Cannot authorize request (create annotation). Perhaps you're not logged in >> as a user with appropriate permissions on this annotation? (user=None, >> consumer=None)" >> >> however, if I take the token generated by my generator and paste it >> directly in the config like this: >> >> $('#content').annotator().annotator('addPlugin', 'Auth', { token: >> 'eyJhbGciOiJIUzI1***************'}); /*token redacted for this example */ >> >> then I can authenticate, create annotations and they are persisted as >> expected. >> >> I've noticed that in the latter case, the token is passed to the >> annotations endpoint in an x-annotator-auth-token header, but with >> tokenUrl this doesn't happen. >> >> I've obviously missed something basic, but I can't for the life of me see >> why it's not working, any pointers would be gratefully received! >> >> Thanks >> >> Andy >> _______________________________________________ >> annotator-dev mailing list >> annotator-dev@lists.okfn.org >> https://lists.okfn.org/mailman/listinfo/annotator-dev >> Unsubscribe: https://lists.okfn.org/mailman/options/annotator-dev >> >
_______________________________________________ annotator-dev mailing list annotator-dev@lists.okfn.org https://lists.okfn.org/mailman/listinfo/annotator-dev Unsubscribe: https://lists.okfn.org/mailman/options/annotator-dev
