Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Authorization Credentials Stripped --- django, elastic beanstalk, oauth

I implemented a REST api in django with django-rest-framework and used oauth2 for authentication.

I tested with:

curl -X POST -d "client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=password&username=YOUR_USERNAME&password=YOUR_PASSWORD" http://localhost:8000/oauth2/access_token/

and

curl -H "Authorization: Bearer <your-access-token>" http://localhost:8000/api/

on localhost with successful results consistent with the documentation.

When pushing this up to an existing AWS elastic beanstalk instance, I received:

{ "detail" : "Authentication credentials were not provided." }
like image 624
sahutchi Avatar asked Mar 09 '14 06:03

sahutchi


3 Answers

I like the idea of just having some extra configuration on the standard place. In your .ebextensions directory create a wsgi_custom.config file with:

files:
  "/etc/httpd/conf.d/wsgihacks.conf":
    mode: "000644"
    owner: root
    group: root
    content: |
      WSGIPassAuthorization On

As posted here: https://forums.aws.amazon.com/message.jspa?messageID=376244

like image 50
Manel Clos Avatar answered Nov 18 '22 16:11

Manel Clos


I thought the problem was with my configuration in django or some other error type instead of focusing on the differences between localhost and EB. The issue is with EB's Apache settings.

WSGIPassAuthorization is natively set to OFF, so it must be turned ON. This can be done in your *.config file in your .ebextensions folder with the following command added:

container_commands:
  01_wsgipass:
    command: 'echo "WSGIPassAuthorization On" >> ../wsgi.conf'

Please let me know if I missed something or if there is a better way I should be looking at the problem. I could not find anything specifically about this anywhere on the web and thought this might save somebody hours of troubleshooting then feeling foolish.

like image 37
sahutchi Avatar answered Nov 18 '22 14:11

sahutchi


I use a slightly different approach now. sahutchi's solution worked as long as env variables were not changed as Tom dickin pointed out. I dug a bit deeper inside EB and found out where the wsgi.conf template is located and added the "WSGIPassAuthorization On" option there.

commands:
  WSGIPassAuthorization:
    command: sed -i.bak '/WSGIScriptAlias/ a WSGIPassAuthorization On' config.py
    cwd: /opt/elasticbeanstalk/hooks

That will always work, even when changing environment variables. I hope you find it useful.

Edit: Seems like lots of people are still hitting this response. I haven't used ElasticBeanstalk in a while, but I would look into using Manel Clos' solution below. I haven't tried it personally, but seems a much cleaner solution. This one is literally a hack on EBs scripts and could potentially break in the future if EB updates them, specially if they move them to a different location.

like image 31
Rubén Durá Tarí Avatar answered Nov 18 '22 14:11

Rubén Durá Tarí