Changed Role Permissions after switch to OIDC login

I just switched my Mayan instance to OIDC login and realised that my user that adds metadata to documents is no longer able to read the document details via the API:

While this gives me a result with my admin user:
https://mydomain/api/v4/documents/2531/
I don’t get any results for my metadata bot user.

As long as I was still logging in with the Mayan authentication backend I had no problems, so the permissions should be fine. Also, there was no Mayan update in between; I just stayed on the same version.

Also I can’t really add more permissions since I got all role permissions already selected that could potentially be needed (sorry it’s in German):

EDIT: Never mind, it was of course my mistake… I had to set a mail address for this user in Mayan for OIDC login to work and had a typo in there. Therefore Mayan created a new user instead :man_facepalming:

I still get a 404 in my application but it works in the browser. I cannot figure out why so far, because all other API calls are working fine :man_shrugging:

By debugging I could further track this down:

Actually I don’t get any data on most endpoints. I receive data only from the content_types endpoint.

For all others I don’t receive any data.

For example:
curl -v https://DOMAIN/api/v4/document_types/ -H "Accept: application/json" -H "Authorization: Bearer TOKEN"
does seem to authenticate fine but does not return any data.

Whereas:
curl -v https://DOMAIN/api/v4/content_types/ -H "Accept: application/json" -H "Authorization: Bearer TOKEN"
returns data

{"count":152,"next":"https://DOMAIN/api/v4/content_types/?page=2","previous":null,"results":[{"app_label":"acls","id":18,"model":"accesscontrollist","url":"https://DOMAIN/api/v4/content_types/18/"},{"app_label":"acls","id":120,"model":"globalaccesscontrollistproxy","url":"https://DOMAIN/api/v4/content_types/120/"}
...

Is anyone experiencing the same? It is a bit strange since I see data in the browser with the same user…

Return code is always 200 btw…

Figured out that the content_types endpoint also delivers data to unauthenticated users. So basically it seems that Mayan just ignores the Bearer token for some reason… It seems as if I’m not authenticated at all

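An added diagnostic sketch for the symptom in this thread (HTTP 200 everywhere, data only from an endpoint that anonymous callers can also read); it is not part of the original posts and not Mayan's code. It compares an anonymous request, the real credential and a deliberately bogus one to tell "credential not taking effect" apart from "authenticated but no extra access". The `fetch` signature, `make_fake_api` and its responses are constructed assumptions, including the premise that a server which parses the header refuses a bogus value with 401.

```python
from typing import Callable, Optional, Tuple

# fetch(path, authorization_header) -> (HTTP status, parsed JSON body).
# Hypothetical signature: wrap requests/urllib behind it for a real instance.
Fetch = Callable[[str, Optional[str]], Tuple[int, dict]]

def diagnose(fetch: Fetch, path: str, token: str, scheme: str = "Bearer") -> str:
    """Classify how an endpoint treats a credential by comparing three probes."""
    anon_status, anon = fetch(path, None)
    auth_status, auth = fetch(path, f"{scheme} {token}")
    bogus_status, _ = fetch(path, f"{scheme} bogus-constructed-value")
    if auth_status in (401, 403):
        return "rejected"
    if bogus_status == 200 and (auth_status, auth) == (anon_status, anon):
        # A bogus credential is accepted and the real one changes nothing:
        # the header is not taking effect and the caller is anonymous.
        return "ignored"
    if auth.get("count", 0) > anon.get("count", 0):
        return "honoured"
    # Header is evaluated (bogus value refused) but grants nothing extra:
    # either the endpoint is public or the user lacks permissions.
    return "no-extra-access"

def make_fake_api(accepted_scheme: str, valid_token: str) -> Fetch:
    """Constructed stand-in for a server; bodies are reduced to the count field."""
    def fetch(path: str, authorization: Optional[str]) -> Tuple[int, dict]:
        user = None
        if authorization and authorization.startswith(accepted_scheme + " "):
            if authorization.split(" ", 1)[1] != valid_token:
                return 401, {"detail": "Invalid token."}
            user = "bot"
        if path == "/api/v4/content_types/":  # readable by anyone, as in the thread
            return 200, {"count": 152}
        # Permission-filtered list: anonymous callers get 200 with nothing in it.
        return 200, {"count": 3 if user else 0}
    return fetch

if __name__ == "__main__":
    # Constructed case: the server only recognises a scheme other than "Bearer".
    api = make_fake_api("Token", "constructed-token")
    for p in ("/api/v4/content_types/", "/api/v4/document_types/"):
        print(p, diagnose(api, p, "constructed-token"))
```

Running the same three probes against a public endpoint and a permission-filtered one shows why a 200 from the public endpoint says nothing about whether authentication worked.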