[WS API] Service user is considered "anonymous" and limited to public assets

Hello,

I am using a service user to subscribe/publish events using the WS API. However, it seems that a service user is considered “anonymous” and only has access to public assets.

In the logs I see: “Only public access allowed for anonymous requests”

Am I doing something wrong or is this expected behavior? Is there any way I can work around this?

Thank you.

Best regards,
Adriano Carvalho

Hi,

You need to provide a Bearer authorization header when initially connecting to the websocket endpoint; the manager UI uses the websocket API so if you look in the network tab of your browser’s developer console you’ll be able to see what I mean.

Thank you Rich.

It is working now. It seems that I was doing two things wrong:

First, in the wiki the URL is
Auth-Realm={realm}&Authorization={accessToken}

It should be
Realm={realm}&Authorization={accessToken} (no Auth- in the beginning)

Second, the {accessToken} part of the URL should be prefixed with Bearer , as in the HTTP authorization header.

Perhaps you could update the wiki to make this clearer.

Hi @adrianocarvalhodtx,

I’ve updated the wiki: User Guide: Manager APIs · openremote/openremote Wiki · GitHub
Is it correct like this?

Don

“The realm of the authenticating user must also be included as an Auth-Realm query parameter.”

“Auth-” is still there.

Instead of {Bearer accessToken}, I think it would be slightly more correct and less confusing to put Bearer%20{accessToken}. “%20” is how a space is translated in a URL.

A concrete example is always helpful:

wss://localhost:8080/websocket/events?Realm=smartcity&Authorization=Bearer%20ey...

(ws:// can be used if TLS is disabled.)

Thanks for the correction!
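
The URL form this thread settles on, as an added example that is not part of the original posts or the project's own code. It builds the connection URL with the space encoded as %20 and masks the token before the URL is logged; the function names, host, realm and token value are constructed for illustration.

```javascript
// Added example: builds the events WebSocket URL in the form described in the
// thread (Realm=...&Authorization=Bearer%20...). All values are constructed.

function buildEventsUrl(base, realm, accessToken) {
  const url = new URL(base);
  if (url.protocol !== "wss:" && url.protocol !== "ws:") {
    throw new Error("expected a ws:// or wss:// URL, got " + url.protocol);
  }
  if (!realm || !accessToken) {
    throw new Error("realm and accessToken are both required");
  }
  // Accept the token with or without the prefix; emit exactly one "Bearer ".
  const token = accessToken.replace(/^Bearer\s+/i, "");
  // encodeURIComponent writes the space as %20. URLSearchParams would write
  // it as "+", which is not the form given in the thread.
  url.search =
    "?Realm=" + encodeURIComponent(realm) +
    "&Authorization=" + encodeURIComponent("Bearer " + token);
  return url.toString();
}

// The access token travels in the query string, so it ends up wherever the
// URL is written down (client logs, proxies). Mask it before logging.
function redactForLog(wsUrl) {
  return wsUrl.replace(
    /(Authorization=Bearer(?:%20|\+))[^&#]+/i,
    "$1<redacted>"
  );
}

const SAMPLE_TOKEN = "eyJhbGciOi.constructed.token"; // constructed, not a real JWT
const sampleUrl = buildEventsUrl(
  "wss://localhost:8080/websocket/events", "smartcity", SAMPLE_TOKEN);
console.log(redactForLog(sampleUrl));
```
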