Skip to main content

composer configuration

Comments

8 comments

  • preetam kumar Joshi

    I think in logi there is a bug for getting client list 

    When I have called API in "Swagger" the response also gives me
    for this request i have passed the uesername

    {
      "error": "invalid_client",
      "error_description": "Client authentication failed"
    }

    please help me
    Thanks
    Preetam k joshi

    0
  • preetam kumar Joshi

    I see almost all API calls return unauthorized 

    0
  • preetam kumar Joshi

    I have fixed the issue but one very important API hit not working for me please let me know
    about an access token API 
    This API hit gives me 

    { "timestamp": "2022-01-14 06:48:39.498", "status": 403, "error": "Forbidden", "message": "Your user session has expired. Please refresh the page to get a new user session established before changes can be saved.", "path": "/composer/api/trusted-access/token" }

    it gives me a session issue but if I hit another API works fine
    so as per my knowledge this is not the session issue

    please please please let me know and guide me for this issue 
    I will really happy to receive your responce
    Please response a bit fast please

     

     

     

    0
  • Glyn McKenna

    Hi Preetam,

    Are you just trying to get the example HTML page working against your server? The reason I ask is because it's just intended as a portable example used to demonstrate integration workflow for the API calls. Many of the calls would need to be written into server side code, not frontend JavaScript as in the example. The example page was written so that you should just need to update some of the constants at the top of the page. Alternatively are you just using the HTML page as a guide to develop your own embedding workflow?

    The first action where the example shows API calls to get/manage a client secret would not be required in any frontend or backend code normally. A client secret is generally created as a one time exercise as part of the deployment of new Logi Composer instance. It is used as a trusted handshake between the parent application and the Logi Composer instance. The secret that the server returns is for a specific client name that's been submitted with the initial request, for example in the HTML page you're using it's set to 'ClientExample'. The developer/DevOps team then generally store the client name and secret on the host server in an encrypted file or via some other method and the parent application server-side code will retrieve the secret so that admin access tokens can be generated in order to provision users and get a user bearer token that can then be used in front end code to request dashboards etc.

    Regarding the particular issue, it's very difficult to know what's happening without seeing the code. I think maybe you're referring to this function

    function createEndUserAccessToken() {

    varReqBody = {
    "username":EndUsername
    };

    Post(`${ComposerUrl}/api/trusted-access/token`, ClientCredsForAccessTokenGeneration, "Basic", ReqBody).then((result) => {
    EndUserAccessToken = result;
    logMessage("end user access token: <pre>" + JSON.stringify(result, undefined, 2)) + "</pre><BR>";
    });
    }
    The end user access token (bearer token) has a timeout based on the access-token-validity set when you create the client secret. If this has changed it may be the cause of the issue. Originally it was set to 2000 seconds.
      async function createClient(){

      // create/re-create client
      varReqBody = {
        "access_token_validity_seconds":2000,
        "client_name":ClientName
      };

    result = awaitPost( `${ComposerUrl}/api/trusted-access/clients`, SupervisorCreds, "Basic", ReqBody ).then(( result ) => {
      ClientCredsForAccessTokenGeneration = window.btoa( `${result.client_id}:${result.client_secret}` );
      localStorage.setItem( 'ComposerTAClientKey', ClientCredsForAccessTokenGeneration );
      logMessage( "client response: <pre>" + JSON.stringify( result, undefined, 2 )) + "</pre><BR>";
      returnClientCredsForAccessTokenGeneration
    });
    return result;
    };
     
    Alternatively there maybe another issue, which would probably be easiest to figure out using the browser development tools and reviewing the request and response headers for the 403 you're receiving.
     
    Best regards
    Glyn
    0
  • preetam kumar Joshi

    Hello Glyn McKenna
    I am really so happy to see your reply
    I am using the HTML file only for checking, how the logi API works

    but if you see in the  image it should be work


    Why it is not working here?

    Thanks
    Preetam Kumar Joshi

     

     

    0
  • preetam kumar Joshi

    Hello Glyn McKenna
    In swagger, as I have shared screenshot this should work 
    There is no code 
    It's a simple API hit
    And I logged in on the composer instance
    Why is the API hit in swagger not working
    Please let me know I have so many tasks on that
    Please Please tell me, I will do as it is because I have so many works on Logi firstly need to integrate and then create the chart and so many things


    Is it possible to resolve this problem in Logi?

    Your faithful friend
    Preetam Kumar Joshi

    0
  • preetam kumar Joshi

    Hello Glyn McKenna
    My issue is resolved, 
    Thanks for the reply I am always thankful for your reply
    Your faithful friend
    Preetam Kumar Joshi

    0
  • Glyn McKenna

    Hi Preetam,

    For the benefit of others who may read your post, the following is required in order to get an end user access token (Bearer token):

    • First get a client secret (client id & secret) based on a client name you choose for your instance of Logi Composer. You should only need to do this once on server deployment (unless you have a specific use case to add more). This is usually scripted or done manually as part of the deployment pipeline. Here is an example using PHP:
    Example client secret request:
    <?php

    $curl = curl_init();

    curl_setopt_array($curl, array(
    CURLOPT_URL => 'http://localhost:8080/composer/api/trusted-access/clients',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'POST',
    CURLOPT_POSTFIELDS =>'{
    "access_token_validity_seconds": 2000,
    "client_name": "my_client"
    }',
    CURLOPT_HTTPHEADER => array(
    'Content-Type: application/vnd.composer.v3+json',
    'Authorization: Basic c3VwZXJ2aXNvcjpzdXBlcnZpc29y'
    ),
    ));
    $response = curl_exec($curl);
    curl_close($curl);
    echo $response;
    Example response:
    {
    "client_name": "myclient",
    "access_token_validity_seconds": 2000,
    "client_id": "0ebfec89-4e58-4a83-9a65-44cbe8ebfe30",
    "client_secret": "vEC9qWH1PNpZk7triAsOo6hRX3TblPI5aYGd",
    "client_secret_expires_at": 0,
    "token_endpoint_auth_method": "client_secret_basic"
    }
     
    • Once you have your client_id and client_secret from the response (these will normally be stored in and encrypted file or db accessible to the hosting application server) you can use these as the user name and password for basic authentication on the end user access token request:
    Example user token request:
    <?php
    $curl = curl_init();
    curl_setopt_array($curl, array(
    CURLOPT_URL => 'http://localhost:8080/composer/api/trusted-access/token?',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'POST',
    CURLOPT_POSTFIELDS =>'{
      "username": "readonly"
    }',
    CURLOPT_HTTPHEADER => array(
      'Content-Type: application/vnd.composer.v3+json',
      'Authorization: Basic NDM1ZGY5MDMtNWZiNy00N2QyLWFkNjQtYzRjNGYwZWJjYTdjOmtVbFBHV2hhRFhXMXRKZVowUWgwN0tlekNSWmc3MTR0b1FLeQ=='
    ),
    ));
    $response = curl_exec($curl);
    curl_close($curl);
    echo $response;
    • You should get an access token in the response, which you can then use in client-side script to retrieve dashboards the user has access to

    Best regards

    Glyn

    0

Please sign in to leave a comment.