Skip to main content
Question

Stored web connection?

  • September 5, 2018
  • 7 replies
  • 22 views
jatoxa
Contributor
Forum|alt.badge.img+12

Hi,

 

 

I have made a workflow that connects to a web API using the HTTP caller. I authenticated with Oauth2 and everything worked fine with my own account on the API service. I then went on to make separate web connections for the accounts of my colleagues. But now I got "access denied".

 

 

It turns out when retrieving the user info with the HTTP caller it logs on to my account no matter what web connection I set in the HTTP caller. I even removed the web connection with my own credentials completely but still I get a json response with my account details.

 

 

How is this even possible and is it a bug in the HTTP caller or the API I'm logging on to?

 

 

 

Thanks!

 

7 replies

nathanatsafe
Safer
Forum|alt.badge.img+7

Hi @j2, thanks for your question!

 

May I ask what service you are connecting to? Would you be able to share your workspace or HTTPCaller parameters, and possibly your web connection parameters (a screenshot perhaps)?

 

Thanks,

 

Nathan
jatoxa
Contributor
Forum|alt.badge.img+12
  • jatoxaContributor
  • Author
  • Contributor
  • September 6, 2018

Hi NathanAtSafe,

 

 

Absolutely! I'm connecting to something called Projectplace https://service.projectplace.com/apidocs/

 

It's a project management system.

 

 

When I authenticate I get a pop-up window where I let the "app" get access to my account.

 

The information is correct and I can see the name of the app and account correspond.

 

However if I use a HTTP caller to get https://api.projectplace.com/1/user/me/profile

 

It returns the info for my own account even though I removed it.

 

The client id and secret is of course updated to correspond to the other account but it doesn't change anything.

 

 

 

nathanatsafe
Safer
Forum|alt.badge.img+7
jatoxa wrote:

Hi NathanAtSafe,

 

 

Absolutely! I'm connecting to something called Projectplace https://service.projectplace.com/apidocs/

 

It's a project management system.

 

 

When I authenticate I get a pop-up window where I let the "app" get access to my account.

 

The information is correct and I can see the name of the app and account correspond.

 

However if I use a HTTP caller to get https://api.projectplace.com/1/user/me/profile

 

It returns the info for my own account even though I removed it.

 

The client id and secret is of course updated to correspond to the other account but it doesn't change anything.

 

 

 

Thanks for following up @j2,

 

After taking a look at the API and your settings, it does look OK to me. I checked with one of our developers and we've used Google connections in this way without issue, so I am hesitant to point to a problem with the HTTPCaller or Web Connection framework. If there was a bug I'd expect more reports of the issue.

 

 

If you'd like to troubleshoot this more in-depth, I'd suggest opening a support ticket: www.safe.com/support/. Unfortunately it's difficult to investigate these issues as it may be impossible to reproduce without your app and account credentials.

 

 

Best,

 

Nathan
jatoxa
Contributor
Forum|alt.badge.img+12
  • jatoxaContributor
  • Author
  • Contributor
  • September 12, 2018
nathanatsafe wrote:
Thanks for following up @j2,

 

After taking a look at the API and your settings, it does look OK to me. I checked with one of our developers and we've used Google connections in this way without issue, so I am hesitant to point to a problem with the HTTPCaller or Web Connection framework. If there was a bug I'd expect more reports of the issue.

 

 

If you'd like to troubleshoot this more in-depth, I'd suggest opening a support ticket: www.safe.com/support/. Unfortunately it's difficult to investigate these issues as it may be impossible to reproduce without your app and account credentials.

 

 

Best,

 

Nathan
Hi NathanAtSafe,

 

I tested with a third PC where I hadn't previously set this up and it turned out it's simply a cache issue when you authenticate FME access to your API. There's a "remember credentials" option on the API popup which apparently saves your initial credentials even though you want to use a different account. So now I at least know how to avoid the issue.

 

 

Thanks for looking into it!

 

nathanatsafe
Safer
Forum|alt.badge.img+7
jatoxa wrote:
Hi NathanAtSafe,

 

I tested with a third PC where I hadn't previously set this up and it turned out it's simply a cache issue when you authenticate FME access to your API. There's a "remember credentials" option on the API popup which apparently saves your initial credentials even though you want to use a different account. So now I at least know how to avoid the issue.

 

 

Thanks for looking into it!

 

Ah interesting! Thanks for sharing your findings.

 

 

Happy FME-ing.

 

Nathan

 

 

jatoxa
Contributor
Forum|alt.badge.img+12
  • jatoxaContributor
  • Author
  • Contributor
  • September 18, 2018
nathanatsafe wrote:
Ah interesting! Thanks for sharing your findings.

 

 

Happy FME-ing.

 

Nathan

 

 

Hi again NathanAtSafe

 

It isn't as simple as I thought and I have absolutely no clue to how I clear the cache. I've tried clearing webcache in all browsers since I get this authentication window up when testing the web connection but no luck. I also contacted the developers of the API.

 

 

 

jatoxa
Contributor
Forum|alt.badge.img+12
  • jatoxaContributor
  • Author
  • Contributor
  • October 4, 2018
I solved it by deleting the cookies file in AppData\\Local\\FME Workbench\\QtWebEngine\\Default

 

 

For this particular API it is impossible to add multiple connections without deleting the cookie each time you've authenticated. Maybe other API's have similar issues.

 

 

Reply


Helpful Members This Week

Community Stats

31,486
Posts
119,359
Replies
39,106
Members

Latest FME

Terms & ConditionsCookie settingsAccessibility statement

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.