Welcome to the Panopto Community

Please note: All new registrants to the Panopto Community Forum must be approved by a forum moderator or admin. As such, if you navigate to a feature that is members-only, you may receive an error page if your registration has not yet been approved. We apologize for any inconvenience and are approving new members as quickly as possible.

StatusCode: 403, ReasonPhrase: 'Forbidden' (2019-12-12)

Caitlin McCabeCaitlin McCabe Administrator
in API

Original Post: Roman Popov,  December 12, 2019 at 2:17 AM

I have problem with API for uploading file on Panopto.

I used Server-side Web Application (Authorization Code Grant) flow.

I implemented my service on .NET CORE C#

Steps for reproducing

1.           Create Client API

ClientID:    bf9ed669-9d0f-43a1-bef9-ab2000e09025

Client Secret Key: S2nMnvH+HlFqUk5noviV7Kj272KtPArQiddbTQl6e9Y=

2.           Redirect the user to the OAuth2 Authorization URL:

https://panopto-dev.esynctraining.com/Panopto/oauth2/connect/authorize?client_id=bf9ed669-9d0f-43a1-bef9-ab2000e09025&scope=openid&20api&redirect_uri=https://localhost:44335/Home/AuthRedirect&response_type=code&nonce=123

3.           The login was successful, the user was redirected to https : // localhost : 44335 / Home / AuthRedirect specified with the addition of two query parameters:

4.           I used this code to get access token:

private async Task GetToken(string code) { var dict = new Dictionary(); dict.Add("grant_type", "authorization_code"); dict.Add("code", code); dict.Add("redirect_uri", "");

var client = new HttpClient();

var authToken =Encoding.ASCII.GetBytes($"bf9ed669-9d0f-43a1-bef9-ab2000e09025:S2nMnvH+HlFqUk5noviV7Kj272KtPArQiddbTQl6e9Y=");

client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(authToken));

var req = new HttpRequestMessage(HttpMethod.Post, "") { Content =new FormUrlEncodedContent(dict) }; var result = await client.SendAsync(req); var content = await result.Content.ReadAsAsync();

return content;

}

I got access token.

5.           Create the blank session:

private async Task CreateSession(string accessToken) { var client = new HttpClient(); client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken); Session blankSession = new Session { FolderId = "b7320521-c81d-4486-beb0-ab1f00dbd395"

};

var json = JsonConvert.SerializeObject(blankSession);

var stringContent = new StringContent(json, UnicodeEncoding.UTF8, "application/json"); var req = new HttpRequestMessage(HttpMethod.Post, "") {Content = stringContent }; var result = await client.SendAsync(req); var contentStr = await result.Content.ReadAsStringAsync();

}

I get error

{StatusCode: 403, ReasonPhrase: 'Forbidden', Version: 1.1, Content: System.Net.Http.HttpConnection+HttpConnectionResponseContent, Headers:

{

Access-Control-Allow-Origin:

Access-Control-Allow-Credentials: true

Strict-Transport-Security: max-age=0

WWW-Authenticate: Bearer error="insufficient_scope"

P3P: CP="Some Browsers Require This In Order to Set Third Party Cookies"

Date: Wed, 11 Dec 2019 14:24:06 GMT

Content-Length: 0

}}

What is the reason for this error ?


Responses

Kevin Baum, Moderator, December 12, 2019 at 11:34 AM

Hi Roman,

It looks like the scope parameter isn't formatted properly to request the api scope. Can you try changing the scope query parameter from "openid&20api" to "openid%20api"? That should request the correct scopes for your access token.

In the future, please also be careful not to post confidential information such as the client secret value in the public forum. If you haven't already, I would suggest generating a new secret value for this client.

If you have any other questions, please let me know.

Thanks,

Kevin

Tagged:
Sign In or Register to comment.