Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

APIHeader authentication does not work and prints an error message that is not useful #206

Open
philvarner opened this issue Aug 4, 2022 · 4 comments · May be fixed by #222
Open

APIHeader authentication does not work and prints an error message that is not useful #206

philvarner opened this issue Aug 4, 2022 · 4 comments · May be fixed by #222

Comments

@philvarner
Copy link

I have an api that requires a header Authorization: Bearer <token> to use. I configured this in the STAC API Plugin UI, but when I do Test Connection, the server says it is not a valid stac api. When I try to do other operations, I get a message that just says "Error, details," with no details.

Two issues here:

  1. It seems the header is not being sent.
  2. The error message is not useful for debugging the problem.
@Samweli Samweli mentioned this issue Aug 12, 2022
Open
@hrodmn
Copy link
Contributor

hrodmn commented Oct 28, 2022

Cross-posting this from #207:
#207 (comment)

@philvarner I added a pathway to pass headers to pystac.Client.open on a fork of this repo. It's not feature complete but works if you have an API Headers authentication configuration set up in QGIS.

@remicres
Copy link

@hrodmn so the workflow for your users would be something like this:

  1. In Web browser: log in your website > copy the token
  2. In QGIS: STAC Plugin > Select provider > Add/edit Header Auth (APIHeader) > Add/edit key and values, e.g. key=Authorization, value=Bearer xxxxxxxx for instance
  3. Use the secured STAC endpoint

Is that correct?

@hrodmn hrodmn linked a pull request Oct 28, 2022 that will close this issue
Draft
@hrodmn
Copy link
Contributor

hrodmn commented Oct 31, 2022

@remicres yes that is how I tested it. It is not a very intuitive workflow, but if you know which key/value pairs you need for API Header authentication it works fine. If we ever merge this change into the main branch it will be important to add some more documentation in the connection widget to guide users down this path!

@remicres
Copy link

@hrodmn this looks nice. I agree that this PR points in the right direction.

In my case, also should transform COG assets URLs (and vectors also).
Indeed my COG server needs some Authorization: Bearer xxxx...Xxx in the header.
Then GDAL can pass the key/value using this trick:

url = "https://myserver.com/path/to/image.tif
new_url = f"/vsicurl?header_file={headers_file}&url={url}"

With headers_file containing one key/value per line

Authorization: Bearer xxxx...Xxx
...

So I "just" have to grab the the key/value pairs from QGIS, save them in a temporary file, and transform the assets URLs.

@marujore marujore mentioned this issue Nov 29, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

pass auth_config through to ContentFetcherTask hrodmn/qgis-stac-plugin
3 participants
@philvarner @remicres @hrodmn