V8 API Authentication not passing back bearer token

Hello,

I have an install of SuiteCRM on Ubuntu 20.04. It’s SSL encrypted and has mod rewrite enabled and I have run composer install and created the necessary public and private key files as described here.

I am calling the version 8 API at /API/access_token with the following code:

<?php

    $ch = curl_init();
    $header = array(
//        'Content-type: application/vnd.api+json',
        'Accept: application/vnd.api+json',
        'Content-type: application/x-www-form-urlencoded',
    );
    $postStr = json_encode(array(
        'grant_type' => 'client_credentials',
        'client_id' => 'myclientid',
        'client_secret' => 'myclientsecret',
    ));
    $url = 'https://mydomain.com.au/Api/access_token';
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postStr);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
    curl_setopt ($ch, CURLOPT_CAINFO, 'C:\Users\Me\Downloads\cacert.pem');

    $output = curl_exec($ch);
    var_dump($output);

    $err = curl_error($ch);
    var_dump($err);

    $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    echo $httpcode;

This is almost exactly the same as the script described in the documentation except that I’ve changed the content type header to be ‘Content-type: application/x-www-form-urlencoded’. I did this because with ‘Content-type: application/vnd.api+json’ it’s giving me a response code 404 Not Found.

The output from the script is this:

string(112) "{"grant_type":"client_credentials","client_id":"myclientid","client_secret":"myclientsecret"}"
string(0) ""
200

So I’m receiving a 200 response code and no errors, but the API is passing me back exactly the same thing that I am passing it in the body of the request. It should be giving me a bearer token like this from the documentation:

{
   "token_type":"Bearer",
   "expires_in":3600,
   "access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjdkOTEyODNhMjc1NDdkNDRlMzNmOTc5ZjVmMGRkYzQwNzg1ZGY5NGFhMWI5MDVlZGNmMzg3NWIxYjJkZDMzNDljZWEyNjZhMTQ2OTE5OWIzIn0.eyJhdWQiOiJzdWl0ZWNybV9jbGllbnQiLCJqdGkiOiI3ZDkxMjgzYTI3NTQ3ZDQ0ZTMzZjk3OWY1ZjBkZGM0MDc4NWRmOTRhYTFiOTA1ZWRjZjM4NzViMWIyZGQzMzQ5Y2VhMjY2YTE0NjkxOTliMyIsImlhdCI6MTUxODE5NTEwMiwibmJmIjoxNTE4MTk1MTAyLCJleHAiOjE1MTgxOTg3MDIsInN1YiI6IjEiLCJzY29wZXMiOltdfQ.EVGuRisoMxSIZut3IWtgOYISw8lEFSZgCWYCwseLEfOuPJ8lRMYL4OZxhu9gxJoGF0nj3yc6SYDPxovrsoj8bMoX38h4krMMOHFQLoizU0k2wAceOjZG1tWKPhID7KPT4TwoCXbb7MqAsYtVPExH4li7gSphJ8wvcWbFdS5em89Ndtwqq3faFtIq6bv1R4t0x98HHuT7sweHUJU40K9WQjbAfIOk8f5Y6T2wassN2wMCBB8CC6eUxLi14n2D6khHvkYvtPbXLHpXSHZWvEhqhvjAeSR5MmMrAth9WDSWUx7alO-ppsZpi8U7-g9Be5p6MRatc25voyTI2iTYbx02FQ",
}

One thing I have noticed in the suitecrm.log file is this debug message seemingly related to the API:

Wed Jun 21 10:15:53 2023 [452114][-none-][DEBUG] Custom file is not exists: custom/application/Ext/Api/V8/slim.php
Wed Jun 21 10:15:53 2023 [452114][-none-][DEBUG] Custom file is not exists: custom/application/Ext/Api/V8/controllers.php
Wed Jun 21 10:15:53 2023 [452114][-none-][DEBUG] Custom file is not exists: custom/application/Ext/Api/V8/factories.php
Wed Jun 21 10:15:53 2023 [452114][-none-][DEBUG] Custom file is not exists: custom/application/Ext/Api/V8/globals.php
Wed Jun 21 10:15:53 2023 [452114][-none-][DEBUG] Custom file is not exists: custom/application/Ext/Api/V8/helpers.php
Wed Jun 21 10:15:53 2023 [452114][-none-][DEBUG] Custom file is not exists: custom/application/Ext/Api/V8/middlewares.php
Wed Jun 21 10:15:53 2023 [452114][-none-][DEBUG] Custom file is not exists: custom/application/Ext/Api/V8/params.php
Wed Jun 21 10:15:53 2023 [452114][-none-][DEBUG] Custom file is not exists: custom/application/Ext/Api/V8/services.php
Wed Jun 21 10:15:53 2023 [452114][-none-][DEBUG] Custom file is not exists: custom/application/Ext/Api/V8/validators.php
Wed Jun 21 10:15:53 2023 [452114][-none-][DEBUG] Custom file is not exists: custom/application/Ext/Api/V8/services.php
Wed Jun 21 10:15:53 2023 [452114][-none-][DEBUG] Custom file is not exists: custom/application/Ext/Api/V8/beanAliases.php
Wed Jun 21 10:15:53 2023 [452114][-none-][DEBUG] Custom routes file is not exists: custom/application/Ext/Api/V8/Config/routes.php

I have found a couple of GitHub issues related to this but I can’t figure out what it’s about and also, my route is not a custom route so I don’t know if it is relevant.

Can anyone please help with why this is not working?

Cheers,
Clare

Wondering if anyone can help me with this - I am now trying to debug the API by putting logging into the code. I think the file at /var/www/html/suitecrm/public/legacy/Api/V8/Config/routes.php might be the entry point for the API call, and I have put some debug messages in it using the method described here; however, there is nothing being shown in the suitecrm.log file (the logging level is definitely set to debug on my configuration and other debug messages are appearing in the log file).

Can anyone please help with whether or not this is the right file to be putting debugging into, or why the logging is not working?

My guess is that that file is called only initially as a configuration setting up the routes, but not for every API call.

Instead of using logging as debugging, you should be doing actual debugging, setting up Xdebug and an IDE such as PhpStorm, VSCode, Eclipse, etc. I really recommend it.

Thanks pgr, I set up debugging and having tracked down a few things and made some changes I’m finally getting an error:

"It was not possible to parse your key, reason: ".

This is coming from the JWT package at vendor/lcobucci/jwt/src/Signer/OpenSSL.php in line 90:

  private function validateKey($key)
  {
    if (!is_resource($key)) {
      throw new InvalidArgumentException(
        'It was not possible to parse your key, reason: ' . openssl_error_string()
      );
    }

The $key variable is an OpenSSLAsymmetricKey type: PHP: OpenSSLAsymmetricKey - Manual

This is a class, not a resource, which is why the error is being thrown. The PHP manual says in PHP 8 it replaces OpenSSL key resources, from the docs:

"A fully opaque class which replaces OpenSSL key resources as of PHP 8.0.0."

If I comment out the is_resource conditional, the API is passing me back a bearer token and all the other expected data.

The lcobucci/jwt version that SuiteCRM is using is 3.3.3 which is not compatible with PHP 8, but SuiteCRM version 8 is supposedly compatible with PHP 8.0 so I think this is a bug. Can I raise this somewhere and see if we can get it fixed?

Cheers,
Clare
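
The check discussed above, as an added example (not code from lcobucci/jwt or SuiteCRM): it compares the `is_resource()` test with one that also accepts PHP 8's `OpenSSLAsymmetricKey`, while still rejecting the `false` that `openssl_pkey_get_private()` returns for a key it cannot parse, which is the failure the conditional exists to catch. `isUsableKey()` is a hypothetical helper name, and the RSA key is generated in memory as constructed sample input (this assumes a working OpenSSL configuration on the host).

```php
<?php
// Added illustration; isUsableKey() is a hypothetical helper, not a library API.

/**
 * True for the key handle types OpenSSL returns on PHP 7 (a resource) and on
 * PHP 8 (an OpenSSLAsymmetricKey object). False for anything else, including
 * the boolean false returned when the key material could not be parsed.
 */
function isUsableKey($key): bool
{
    // instanceof against a class that does not exist (PHP 7) is simply false.
    return is_resource($key) || $key instanceof OpenSSLAsymmetricKey;
}

// Constructed sample input: a throwaway RSA key generated for this run only.
$generated = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
if ($generated === false || !openssl_pkey_export($generated, $pem)) {
    fwrite(STDERR, "Could not generate a sample key: " . openssl_error_string() . "\n");
    exit(1);
}

$cases = [
    'valid PEM'   => $pem,
    // Constructed, deliberately unparseable key material.
    'garbage PEM' => "-----BEGIN PRIVATE KEY-----\nnot-a-key\n-----END PRIVATE KEY-----\n",
];

printf("PHP %s\n", PHP_VERSION);
foreach ($cases as $label => $material) {
    $key = openssl_pkey_get_private($material);

    printf(
        "%-12s type=%-22s is_resource=%-5s tolerant_check=%s\n",
        $label,
        is_object($key) ? get_class($key) : gettype($key),
        var_export(is_resource($key), true),
        var_export(isUsableKey($key), true)
    );

    // Drain the OpenSSL error queue so one case does not leak into the next.
    while (openssl_error_string() !== false) {
    }
}
```

On PHP 8 the valid key is an object, so `is_resource` alone reports it as unusable even though parsing succeeded; the unparseable key fails both checks on either PHP version.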

Nice detective work, Clare! :female_detective:

You won’t regret the effort put into setting up proper debugging, it will pay back one-hundred fold.

About this issue, yes, I guess you can open an issue etc., but I fear it won’t get much traction because there’s too much backlog.

I guess the proper way forward would be to upgrade that vendor package to one that is compatible with PHP 8.0. Can you try that? If you can validate that that works, I think there’s a better chance this will get looked at in GitHub, and eventually merged/updated there.