REST API crashes when using ClientCredentials OAuth

Does your exception log contain an error with more details?

How are you generating your request? Code, cURL, Postman, etc?

Note that in Community v12, both the "OAuth" and "Bearer" formats are accepted. See current documentation here (largely unchanged): community.telligent.com/.../authentication

Hi Steven Heffner 

I can reproduce the bug using cURL, Postman, and our external Java process (the request isn't very sophisticated).

My Ops team says there's nothing in our logs about this exception.  Is there a different log file where REST API exceptions could be written?  

Chris  

Can you export the diagnostics report from Administration > About > Download Diagnostics and attach it here?

Also try not setting the Accept/Content Type header on the Request, it is not necessary on a GET, and it wouldn't be application/json regardless

Hi Steven Heffner 

Here's the diagnostics.xml file as requested.

Thank you,

Chris

diagnostics.xml

Does this same response happen with an API key?  Also you have custom components installed, mainly an OpenId connect module of some sort, I would also try with anything custom disabled.

Hi Patrick M. 

We are using an OpenID Connect module, I'll see if my Ops team can uninstall it and re-test.

I'll try using an API key and see what happens.  I chose ClientCredentials since it's cleaner IMO, but if an API key works then that will also satisfy our use-case.

Chris

If you get the same response from an API key, then it more than likely is not related to authentication at all.

Hi Patrick M. 

I apologize for the delayed response.  In any case, I've re-implemented authentication from ClientCredentials to a simple API Key, however, I still get the 500 when I access any REST API endpoint.

Request:

GET https://test.mphise.us/api.ashx/v2/groups.json
Rest-User-Token ajZmbDVmc244djNsdms5dGRsMndtbnUyeDNzbmFhYzpjaHJpcy53aWxraW5zb24=
Accept application/json

Response:

500/Internal Server Error
Date: Thu, 15 Jul 2021 18:57:14 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2498
Connection: keep-alive
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/10.0
X-FRAME-OPTIONS: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self';
X-UA-Compatible: IE=Edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Telligent-Evolution: 12.x
X-Powered-By: ASP.NET

-- html body omitted --

Testing with the Web interface using my admin account:

I have an admin account in our environment at https://test.mphise.us, however when I browse to https://test.mphise.us/api.ashx/v2/info.json with an authenticated browser session, Verint is giving me a 403.  A 403 is especially odd since I'm a full-access admin user, but maybe this is a tell that we're missing config.  Here's what I see:

Is there anything special that I need to do in order to enable REST endpoints?  The 500 via the REST API with Oauth or API Key is cryptic, but the 403 via admin browser session is at least a valid web server response that suggests permissions or config could be missing.

Thank you,

Chris

Hi Patrick M. 

I apologize for the delayed response.  In any case, I've re-implemented authentication from ClientCredentials to a simple API Key, however, I still get the 500 when I access any REST API endpoint.

Request:

GET https://test.mphise.us/api.ashx/v2/groups.json
Rest-User-Token ajZmbDVmc244djNsdms5dGRsMndtbnUyeDNzbmFhYzpjaHJpcy53aWxraW5zb24=
Accept application/json

Response:

500/Internal Server Error
Date: Thu, 15 Jul 2021 18:57:14 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2498
Connection: keep-alive
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/10.0
X-FRAME-OPTIONS: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self';
X-UA-Compatible: IE=Edge
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Telligent-Evolution: 12.x
X-Powered-By: ASP.NET

-- html body omitted --

Testing with the Web interface using my admin account:

I have an admin account in our environment at https://test.mphise.us, however when I browse to https://test.mphise.us/api.ashx/v2/info.json with an authenticated browser session, Verint is giving me a 403.  A 403 is especially odd since I'm a full-access admin user, but maybe this is a tell that we're missing config.  Here's what I see:

Is there anything special that I need to do in order to enable REST endpoints?  The 500 via the REST API with Oauth or API Key is cryptic, but the 403 via admin browser session is at least a valid web server response that suggests permissions or config could be missing.

Thank you,

Chris

You cannot access the REST API via a browser, authenticated or not, its not the same authentication process.  And did you disable all customizations as requested?  Including openId?

Have you checked the log for any exceptions?  I would suggest you really open a support case because to look any further we are going to need to see fiddler traces, etc  and that should only be passed through support and not here