APIHeader authentication does not work and prints an error message that is not useful
I have an API that requires a header Authorization: Bearer <token> to use. I configured this in the STAC API Plugin UI, but when I do Test Connection, the server says it is not a valid STAC API. When I try to do other operations, I get a message that just says "Error, details," with no details.
Two issues here:
- It seems the header is not being sent.
- The error message is not useful for debugging the problem.
Cross-posting this from #207: https://github.com/stac-utils/qgis-stac-plugin/issues/207#issuecomment-1295249084
@philvarner I added a pathway to pass headers to pystac.Client.open on a fork of this repo. It's not feature complete but works if you have an API Headers authentication configuration set up in QGIS.
@hrodmn so the workflow for your users would be something like this:
- In Web browser: log in your website > copy the token
- In QGIS: STAC Plugin > Select provider > Add/edit Header Auth (APIHeader) > Add/edit key and values, e.g. key=Authorization, value=Bearer xxxxxxxx for instance
- Use the secured STAC endpoint
Is that correct?
@remicres yes that is how I tested it. It is not a very intuitive workflow, but if you know which key/value pairs you need for API Header authentication it works fine. If we ever merge this change into the main branch it will be important to add some more documentation in the connection widget to guide users down this path!
@hrodmn this looks nice. I agree that this PR points in the right direction.
In my case, I should also transform COG asset URLs (and vector ones as well).
Indeed my COG server needs some Authorization: Bearer xxxx...Xxx in the header.
Then GDAL can pass the key/value using this trick:
url = "https://myserver.com/path/to/image.tif"
new_url = f"/vsicurl?header_file={headers_file}&url={url}"
With headers_file containing one key/value per line
Authorization: Bearer xxxx...Xxx
...
So I "just" have to grab the key/value pairs from QGIS, save them in a temporary file, and transform the asset URLs.
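
The steps described in the last comment, as an added example (not code from the plugin or from anyone in this thread): the header pairs are written to a temporary file that only the current user can read, and each http(s) asset URL is rewritten to the /vsicurl?header_file=...&url=... form. The function names and the sample token are hypothetical, and the header dictionary stands in for whatever the QGIS authentication configuration returns.

```python
import os
import tempfile
from urllib.parse import quote


def write_headers_file(headers):
    """Write one 'Key: value' line per header to a private temp file; return its path."""
    lines = []
    for key, value in headers.items():
        # Reject CR/LF (and ':' in the name) so a value cannot smuggle in an extra header line.
        if any(c in key for c in "\r\n:") or any(c in value for c in "\r\n"):
            raise ValueError(f"illegal character in header {key!r}")
        lines.append(f"{key}: {value}\n")
    # mkstemp creates the file with mode 0600 on POSIX, so other local users cannot read the token.
    fd, path = tempfile.mkstemp(prefix="stac_headers_", suffix=".txt")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.writelines(lines)
    return path


def to_vsicurl(url, headers_file):
    """Rewrite an http(s) asset URL into the /vsicurl?header_file=...&url=... form."""
    if not url.lower().startswith(("http://", "https://")):
        return url  # local paths and other schemes are left untouched
    if "&" in headers_file:
        raise ValueError("headers file path must not contain '&'")
    # Percent-encode '?', '&' and '=' in the URL so query parameters of a signed
    # asset URL are not parsed as /vsicurl options (GDAL asks for '&' to be encoded).
    return f"/vsicurl?header_file={headers_file}&url={quote(url, safe=':/')}"


def transform_assets(assets, headers_file):
    """Return {asset_key: rewritten_href} for a STAC item's 'assets' mapping."""
    return {key: to_vsicurl(a["href"], headers_file) for key, a in assets.items()}


if __name__ == "__main__":
    # Constructed sample data: a placeholder token and a two-asset STAC item.
    path = write_headers_file({"Authorization": "Bearer CONSTRUCTED-TOKEN"})
    try:
        assets = {
            "visual": {"href": "https://myserver.com/path/to/image.tif"},
            "local": {"href": "/data/local.tif"},
        }
        for key, href in transform_assets(assets, path).items():
            print(key, href)
    finally:
        os.remove(path)  # the token sits on disk in clear text: delete it once GDAL is done
```

The headers file has to exist for as long as GDAL reads the dataset, so remove it when the layer is closed rather than right after building the path.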