GraphQL requests 401 Unauthorized with OAuth2 Bearer tokenGraphQL requests 401 Unauthorized with OAuth2 Bearer tokenhttps://liferay.dev/c/message_boards/find_thread?p_l_id=119785294&threadId=1206432182026-05-16T02:37:36Z2026-05-16T02:37:36ZRE: GraphQL requests 401 Unauthorized with OAuth2 Bearer tokenGraziano Liberatihttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1206568592021-03-02T09:54:41Z2021-03-02T08:59:55Z<p>Hello Javier,</p>
<p>I have already enabled all the scopes.</p>
<p>Thanks to your suggestion I have solved the problem.</p>
<p>The problem was that I did not added the Service Access Policy
strating with OAUTH2_ granting the access to the services.</p>
<p>Thanks a lot for your support! It has been very helpful!</p>Graziano Liberati2021-03-02T08:59:55ZRE: GraphQL requests 401 Unauthorized with OAuth2 Bearer tokenJavier De Arcoshttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1206568022021-03-18T06:11:35Z2021-03-02T06:53:24Z<p>Your configuration seems completely correct and a probe is that you
were able to obtain the token.</p>
<p>Taking this into account and reading the error message could be a
problem with scopes. Have you select the right scope to allow access
to this information?</p>
<p>In this case I think you should select: User Administration ->
read data on behalf</p>
<p>
<img src="/documents/14/0/Captura+de+pantalla+2021-03-02+a+las+7.50.16.png/71bef750-4764-124a-233b-ce4f193c99e9?t=1614667908107&imagePreview=1" /></p>
<p>In case you need something more custom you should add a Service
Access Policy strating with OAUTH2_ and you will be able to select it
as a Scope for your OAUTH configuration</p>Javier De Arcos2021-03-02T06:53:24ZGraphQL requests 401 Unauthorized with OAuth2 Bearer tokenGraziano Liberatihttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1206432172021-02-23T18:07:18Z2021-02-23T18:06:08Z<p>Hello,</p>
<p>I am using Liferay 7.3 GA6, using the OAuth 2 administration panel I
have configured an application as the following image.</p>
<p>
<img src="/documents/14/120368684/Capture+2021-02-23+at+18.53.54.png/812c84ff-51a9-aa56-f2c0-4a730edee52e?t=1614102877998&imagePreview=1" /></p>
<p>Then I have tried to perform the following graphql calls.</p>
<p>1. Obtain the oauth2 token (success)</p>
<p>curl --location --request POST 'https://<host>/o/oauth2/token'
\<br />--header 'Content-Type: application/x-www-form-urlencoded'
\<br />--data-urlencode 'client_id=id1234' \<br />--data-urlencode
'client_secret=secret1234' \<br />--data-urlencode
'grant_type=password' \<br />--data-urlencode
'username=<emailaddress>' \<br />--data-urlencode 'password=<password>'</p>
<p>I have replaced real data with <fake data>.</p>
<p>This operation is successfull and I obtain the access token and the
refresh token.</p>
<p>2. invoke the graphql operation (failed)</p>
<p>curl --location --request POST 'https://<host>/o/graphql'
\<br />--header 'Authorization: Bearer
9c7222375513be53a5ef5be5471961d9a3627c1e27ab8aceb92edc43218ea'
\<br />--header 'Content-Type: application/json' \<br />--data-raw
'{"query":"{\n site(siteKey: \"38413\"){\n
id\n name\n }\n}","variables":{}}'</p>
<p>Reading the documentation I see that the access token should be
passed through the authorization header. Anyway I obtain the following error</p>
<pre><code>{
"errors": [
{
"message": "Exception while fetching data (/site) : java.lang.SecurityException: Access denied to com.liferay.portal.kernel.service.GroupService#getGroup",
"locations": [],
"errorType": "DataFetchingException",
"path": null,
"extensions": {
"exception": {
"errno": 401
},
"code": "Unauthorized"
}
}
],
"data": {
"site": null
}
}</code></pre>
<p> </p>
<p>Can anyone help me on this please?</p>
<p>Thanks,<br />Graziano</p>Graziano Liberati2021-02-23T18:06:08Z