Oauth2 Authentication Issues Windows IIS

Hosting farmOS
1

I get this error when trying to run python script CVS upload

raceback (most recent call last):
File “C:\py\import_plantings.py”, line 35, in
client.authorize(username, password)
File “C:\Users\pieters\AppData\Local\Programs\Python\Python310\lib\site-packages\farmOS_init_.py”, line 156, in authorize
return self.session.authorize(username, password, scope)
File “C:\Users\pieters\AppData\Local\Programs\Python\Python310\lib\site-packages\farmOS\session.py”, line 76, in authorize
token = self.fetch_token(
File “C:\Users\pieters\AppData\Local\Programs\Python\Python310\lib\site-packages\requests_oauthlib\oauth2_session.py”, line 366, in fetch_token
self._client.parse_request_body_response(r.text, scope=self.scope)
File “C:\Users\pieters\AppData\Local\Programs\Python\Python310\lib\site-packages\oauthlib\oauth2\rfc6749\clients\base.py”, line 427, in parse_request_body_response
self.token = parse_token_response(body, scope=scope)
File “C:\Users\pieters\AppData\Local\Programs\Python\Python310\lib\site-packages\oauthlib\oauth2\rfc6749\parameters.py”, line 441, in parse_token_response
validate_token_parameters(params)
File “C:\Users\pieters\AppData\Local\Programs\Python\Python310\lib\site-packages\oauthlib\oauth2\rfc6749\parameters.py”, line 451, in validate_token_parameters
raise MissingTokenError(description=“Missing access token parameter.”)
oauthlib.oauth2.rfc6749.errors.MissingTokenError: (missing_token) Missing access token parameter.

and running late version on farmOs.py

PS C:\py> pip show farmOS
Name: farmOS
Version: 1.0.0b3
Summary: A Python library for interacting with farmOS over API.
Home-page: GitHub - farmOS/farmOS.py: A Python library for interacting with farmOS over API.
Author: farmOS team
Author-email: mike@mstenta.net
License: UNKNOWN
Location: c:\users\pieters\appdata\local\programs\python\python310\lib\site-packages
Requires: pydantic, requests-oauthlib
Required-by:

Run on win 10
Python 3.10.7 (tags/v3.10.7:6cc6b13, Sep 5 2022, 14:08:36) [MSC v.1933 64 bit (AMD64)] on win32

Can you help?

1 Like
2

Hey @silverlynxconsulting farmOS.py version looks good and I see this was triggered by client.authorize(username, password). If you had incorrect credentials I would expect the server to respond accordingly.

The error message you are seeing should never really happen. This error message suggests that the server did not return an access_token parameter. It’s possible there are log messages related to this as well; if you are self-hosting you can view these at /admin/reports/dblog. Can you share what version of farmOS server you are running?

Other than that, you will want to make sure you OAuth client is configured correctly in both the server and python code (default is client_id = 'farm' and no client_secret).

1 Like
3

Maybe one thing to check is that your keys are correctly configured. Maybe related, although it looks like this would return a different error message: OAuth keys missing in Docker setup

4

Hi I am using farmOS 2.x

5

#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2022-10-03 03:58:09
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2022-10-03 03:58:09 xxx.xxx.xxx.xxx(server) GET /web/admin/config/people/simple_oauth - 443 - xxx.xxx.xxx.xxx(server) Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 https://geosrv4/web/admin/config/people/simple_oauth/oauth2_token 200 0 0 1527
2022-10-03 03:58:46 xxx.xxx.xxx.xxx(server) GET /web/admin/config/services/consumer - 443 - xxx.xxx.xxx.xxx(server) Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 https://geosrv4/web/admin/config/people/simple_oauth 200 0 0 158
2022-10-03 03:59:06 xxx.xxx.xxx.xxx(server) GET /web/admin/config/services/consumer/2/edit destination=/web/admin/config/services/consumer 443 - xxx.xxx.xxx.xxx(server) Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 https://geosrv4/web/admin/config/services/consumer 200 0 0 232
2022-10-03 04:00:29 xxx.xxx.xxx.xxx(server) POST /web/admin/config/services/consumer/2/edit destination=/web/admin/config/services/consumer 443 - xxx.xxx.xxx.xxx(server) Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 https://geosrv4/web/admin/config/services/consumer/2/edit?destination=/web/admin/config/services/consumer 303 0 0 194
2022-10-03 04:00:29 xxx.xxx.xxx.xxx(server) GET /web/admin/config/services/consumer - 443 -xxx.xxx.xxx.xxx(server) Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 https://geosrv4/web/admin/config/services/consumer/2/edit?destination=/web/admin/config/services/consumer 200 0 0 118
2022-10-03 04:01:00 xxx.xxx.xxx.xxx(server) GET /web/admin/config/people/simple_oauth - 443 - xxx.xxx.xxx.xxx(server) Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 https://geosrv4/web/admin/config/services/consumer 200 0 0 139
2022-10-03 04:01:17 xxx.xxx.xxx.xxx(server) GET /web/admin/config/people/simple_oauth/openid-connect - 443 - xxx.xxx.xxx.xxx(server) Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 https://geosrv4/web/admin/config/people/simple_oauth 200 0 0 130
2022-10-03 04:01:19 xxx.xxx.xxx.xxx(server) GET /web/admin/config/people/simple_oauth/oauth2_token - 443 - xxx.xxx.xxx.xxx(server) Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 https://geosrv4/web/admin/config/people/simple_oauth/openid-connect 200 0 0 126
2022-10-03 04:01:21 xxx.xxx.xxx.xxx(server) GET /web/admin/config/services/consumer - 443 - xxx.xxx.xxx.xxx(server) Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 https://geosrv4/web/admin/config/people/simple_oauth/oauth2_token 200 0 0 115
2022-10-03 04:06:16 xxx.xxx.xxx.xxx(server) GET /web/admin/structure/views - 443 - xxx.xxx.xxx.xxx(server) Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 https://geosrv4/web/admin/config/services/consumer 200 0 0 535
2022-10-03 04:06:16 xxx.xxx.xxx.xxx(server) GET /web/core/themes/claro/css/components/views_ui.admin.css rgsy11 443 - xxx.xxx.xxx.xxx(server) Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 https://geosrv4/web/admin/structure/views 200 0 0 3
2022-10-03 04:06:16 xxx.xxx.xxx.xxx(server) GET /web/core/modules/views_ui/css/views_ui.contextual.css rgsy11 443 - xxx.xxx.xxx.xxx(server) Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 https://geosrv4/web/admin/structure/views 200 0 0 16
2022-10-03 04:06:16 xxx.xxx.xxx.xxx(server) GET /web/core/themes/claro/css/theme/views_ui.admin.theme.css rgsy11 443 - xxx.xxx.xxx.xxx(server) Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 https://geosrv4/web/admin/structure/views 200 0 0 16
2022-10-03 04:06:16 xxx.xxx.xxx.xxx(server) GET /web/core/modules/views_ui/js/views_ui.listing.js v=9.3.20 443 - xxx.xxx.xxx.xxx(server) Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 https://geosrv4/web/admin/structure/views 200 0 0 6
2022-10-03 04:06:33 xxx.xxx.xxx.xxx(server) GET /web/logs - 443 - xxx.xxx.xxx.xxx(server) Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 https://geosrv4/web/admin/structure/views 200 0 0 554
2022-10-03 04:06:33 xxx.xxx.xxx.xxx(server) GET /web/core/misc/date.js v=9.3.20 443 - xxx.xxx.xxx.xxx(server) Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 https://geosrv4/web/logs 200 0 0 14
2022-10-03 04:06:33 xxx.xxx.xxx.xxx(server) POST /web/contextual/render - 443 - xxx.xxx.xxx.xxx(server) Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 https://geosrv4/web/logs 200 0 0 222
2022-10-03 04:12:19 xxx.xxx.xxx.xxx(server) POST /oauth/token - 443 - xxx.xxx.xxx.xxx(client) python-requests/2.28.1 - 404 0 2 22
2022-10-03 04:16:59 xxx.xxx.xxx.xxx(server) POST /oauth/token - 443 - xxx.xxx.xxx.xxx(client) python-requests/2.28.1 - 404 0 2 15
2022-10-03 04:18:14 xxx.xxx.xxx.xxx(server) GET /web/admin/config/services/consumer - 443 - xxx.xxx.xxx.xxx(server) Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 https://geosrv4/web/logs 200 0 0 878
2022-10-03 04:18:19 xxx.xxx.xxx.xxx(server) GET /web/admin/config/services/consumer/2/edit destination=/web/admin/config/services/consumer 443 - xxx.xxx.xxx.xxx(server) Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 https://geosrv4/web/admin/config/services/consumer 200 0 0 318
2022-10-03 04:18:39 xxx.xxx.xxx.xxx(server) POST /web/admin/config/services/consumer/2/edit destination=/web/admin/config/services/consumer 443 - xxx.xxx.xxx.xxx(server) Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 https://geosrv4/web/admin/config/services/consumer/2/edit?destination=/web/admin/config/services/consumer 303 0 0 163
2022-10-03 04:18:39 xxx.xxx.xxx.xxx(server) GET /web/admin/config/services/consumer - 443 - xxx.xxx.xxx.xxx(server) Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 https://geosrv4/web/admin/config/services/consumer/2/edit?destination=/web/admin/config/services/consumer 200 0 0 119
2022-10-03 04:18:55 xxx.xxx.xxx.xxx(server) POST /oauth/token - 443 - xxx.xxx.xxx.xxx(client) python-requests/2.28.1 - 404 0 2 18

6

on server client id is farm and no secret

in python code
client = farmOS(hostname=hostname, client_id = “farm”, scope=“farm_manager”, version=2)

7

@silverlynxconsulting is your farmOS server using SSL?

@paul121 correct me if I’m wrong but that’s a requirement for OAuth2, right? I forget…

@silverlynxconsulting Are you getting any errors from the Python script itself? It looks like most of the logs posted above are from the web server, which probably won’t help in this case.

1 Like
8

Oh sorry just saw the relevant error in your first comment:

raise MissingTokenError(description=“Missing access token parameter.”)
oauthlib.oauth2.rfc6749.errors.MissingTokenError: (missing_token) Missing access token parameter.

It appears that you’re getting 403 access denied when you try to get a token:

2022-10-03 04:18:55 xxx.xxx.xxx.xxx(server) POST /oauth/token - 443 - xxx.xxx.xxx.xxx(client) python-requests/2.28.1 - 404 0 2 18

:thinking:

9

Don’t believe it is, OAuth2 works with some dev instances I’ve tested without SSL, I’ve had some issues with certain http clients and self-signed Certs that required an additional parameter to ignore untrusted certs, but they always returned an explicit error about the self signed cert.

10

Are you sure there is no secret set though? I believe the secret box is blank even after saving one.
But there is a Boolean switch to enable/disable the secret.

11

SSL is loaded it is an intranet server
Screenshot 2022-10-03 160335
the client does have an IIS windows web server, and I had to install pip-system-certs 3.1 to help python to use the windows uses Windows certificate store to check the validity of certificates.

12

Thanks, I checked the boolean option to be a false secret option, but still no luck.

Screenshot 2022-10-03 160516

1 Like
13

You could always try authenticating using Curl just to confirm your server side is set up correctly,

curl -X POST -d "grant_type=password&username=yourusername&password=yourpassword&client_id=farm&scope=farm_manager" https://yourdomain.com/oauth/token
14

curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed

15

Oh…
are you in a position to test without SSL?

Obviously you will need SSL to work.
I wonder if there is a firewall blocking it, possibly at the application level on your machine?

16
IIS 10.0 Detailed Error - 404.0 - Not Found

HTTP Error 404.0 - Not Found

The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

Most likely causes:

  • The directory or file specified does not exist on the Web server.
  • The URL contains a typographical error.
  • A custom filter or module, such as URLScan, restricts access to the file.

Things you can try:

  • Create the content on the Web server.
  • Review the browser URL.
  • Create a tracing rule to track failed requests for this HTTP status code and see which module is calling SetStatus. For more information about creating a tracing rule for failed requests, click here.

Detailed Error Information:

Module    IIS Web Core
Notification    MapRequestHandler
Handler    StaticFile
Error Code    0x80070002
Requested URL    http://geosrv4:80/oauth/token
Physical Path    C:\inetpub\wwwroot\oauth\token
Logon Method    Anonymous
Logon User    Anonymous

More Information:

This error means that the file or directory does not exist on the server. Create the file or directory and try the request again.

View more information »

Without SSL

17

What happens if you just navigate to http://geosrv4/oauth/token in a browser without SSL?
or even just http://geosrv4

Is port 80 open?

18

Screenshot 2022-10-03 185733

Screenshot 2022-10-03 185752
Screenshot 2022-10-03 185752784×582 110 KB

Port 80 is open

1 Like
19

Yes it is…
First one is as expected a request for login.
But wasn’t expecting the 404 for the second one.

Is it different if you use SSL and navigate to https://geosrv4/oauth/token ?

20

Is it different if you use SSL and navigate to https://geosrv4/oauth/token ? no is the same