
Access token authorization bug

Open rby-blackruby opened this issue 2 years ago • 1 comments

Description of issue:

The token generated with /oauth2/token is unable to use parts of the panel API that are outside of /daemon. This leads to Response 401 when trying to send a GET request to /api/nodes.

How to reproduce it:

  1. Create an OAuth2 Client using an administrator account.
  2. Generate a key with the OAuth2 client's id and secret.
  3. Try sending a GET request to /api/nodes

I have uploaded the script I'm using so you can test it with that too, but this online tool can be used as well:

Tool: https://reqbin.com/
Test script: https://pastebin.com/5YdMsKXS

Expected behavior:

Expected behavior would be to get a Response 200 and a body containing all the information of the panel's nodes. Instead, what happens is a 401 Unauthorized response with no body content.

Thank you for looking into this. If you need any more testing or info, feel free to reach out to me either here or on Discord. blackruby#2562

rby-blackruby, Apr 05 '22 20:04

Same issue for me. It seems that the error here is in the token. I tried in many ways to send the token, with the puffer_auth cookie and with the Authorization header, but this isn't working.

LeChatP, May 09 '22 22:05

I switched to MySQL and now when I try to get a token it returns this: {"scope":"","error":"invalid_client"}

ivan100-ivoop, Dec 14 '22 16:12