https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402
--- Comment #32 from Julian Maurice <[email protected]> --- (In reply to Josef Moravec from comment #29) > Tested on another devbox, now I got 401 Unauthorized. > > I have an idea of what is going on: > > This only adds new authorization method, but the authorization with cookies > (eg. when you are normally logged into koha) is still taken into account. > > But yesterday I used the koha database user to change permission of api user > - so token was expired and oauth say unauthorized, then cookie was found bud > the logged in user was database user and that's the reason why it exploded Then maybe we should not try cookie authentication if oauth fail and we have an Authorization header containing 'Bearer' ? -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
