Acquire oauth2 auth code using Jersey framework

Hi, I'm brand new as a Panopto API user. I'm attempting to get an access token for a user-based (server) web app. I'm working with these instructions: https://support.panopto.com/s/article/How-to-Get-OAuth2-Access-Tokens-for-Users.

My question is with the initial redirect that my web app does, to send the user to the Panopto log-in page.

This is my URL.

https://[my-institution].hosted.panopto.com/Panopto/oauth2/connect/authorize?client_id=[my-client-id]&scope=openid%20api&redirect_uri=[my-redirect-uri]&response_type=code&nonce=123

I'm using the Jersey framework (Java servlet-based - yeah, that's what I'm stuck with). From my web app I'm issuing a "Response.temporaryRedirect" to this URL. (Is this the problem?)

What I'm getting back: 2 responses.

Response 1 is a 302 GET to the redirect URL, as described above.

Response 2 is a 200 GET to a URL that looks like this:

https://[my-institution].hosted.panopto.com/Panopto/oauth2/login?signin=[some-signin-encoded-string]

(If I paste this sign-in URL into my browser address bar, I get a Panopto error page with this content:

Error processing request

There is an error determining which application you are signing into. Return to the application and try again.

Request Id: cc072f73-3fbd-4fc0-87f9-70b1c0102823)


So, my questions:

(1) Is my assumption right, that a user hitting my web app should be redirected to the Panopto log-in page? (I think yes?)

(2) Is it how I'm issuing the redirect using the Jersey framework that is the cause of the problem?

(3) If yes to question 2, would this explain why I get back "Response 2"?

Answers

  • Options

    UPDATE: I think I have figured out that redirects are followed only if they use the same protocol, i.e. http to http, or https to https. My testing environment is http://localhost.... I'm trying to redirect to https://[my-institution]/panopto ....

    I will change to use https://localhost

  • Options

    I'm now using https://localhost. The problem persists.

  • Options
    Kevin Baum, Panopto Employee

    Hi Linda,

    I'm happy to try to answer your questions and help make sure that you're able to access the API.

    1. Yes, that is correct. The user should be redirected to the Panopto login page to sign into Panopto before being redirected back to your redirect URL with the authorization code. Your other two calls appear correct. When you load the Panopto/oauth2/connect/authorize page, the user should then be redirected to the Panopto/oauth2/login page before finally being sent to the Panopto login page. I'm unsure why your redirects are terminating early, but there should be one more to the login page.
    2. I'm not familiar with any issues that could cause, and would need to investigate further. When you see the second page load, does that end up showing any error message or is it a blank page?
    3. "Response 2" is a correct response on the way from the OAuth2 authorization URL to the Panopto login page. The redirect should not be causing that.

    Generally, the user isn't necessarily redirected to the authorization endpoint using a server-side redirect, but instead there may be a link or button they would click in their browser that would open the OAuth2 authorization page either in the same browser tab or a new tab/window from the client instead of the server.

    Can you verify the client type that you are using for me, and the first 6 characters of the client ID, and I can continue to look into this further?

    Thanks,

    Kevin

  • Options

    Client type: Server-side Web Application

    1st 6 chars of client ID: 8a633a


    Thanks very much for your help.

  • Options

    I forgot to respond to your question: "When you see the second page load, does that end up showing any error message or is it a blank page?"

    https://[my-institution].hosted.panopto.com/Panopto/oauth2/login?signin=[some-signin-encoded-string]

    This returns a page with the message: "Error processing request. There is an error determining which application you are signing into."

  • Options
    Kevin Baum, Panopto Employee

    Hi Linda,

    Thank you for the additional information. I was able to look at our backend logs for the calls you are making, and it looks like the error I'm seeing is that the redirect URL does not match the allowed redirect URL.

    I took a closer look, and it looks like your allowed redirect URL is an HTTPS URL, but the URL that was being sent was HTTP. Could you please try again using the HTTPS URL that matches the URL that is allowed for that client?

    Please let me know if that doesn't work, or if you have any other questions.

    Thanks,

    Kevin

  • Options

    Yes, that fixed the problem.

    Additionally, I had some Jersey framework issues in my code that I had to resolve.

    All that to say, yes, I'm good now. So thank you very much!
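
An added example, not code from either poster or from Panopto, showing the redirect discussed in this thread as a Jersey resource: the redirect_uri is sent from a single HTTPS constant so that it matches the allowed redirect URL exactly, and the nonce and the standard OAuth 2.0 state parameter are random per login instead of fixed. The host, client ID, redirect URI, class name, resource paths, session attribute names and the javax.ws.rs namespace are assumptions.

```java
import java.net.URI;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;

@Path("/panopto")
public class PanoptoLoginResource { // hypothetical resource class
    // Placeholders (assumptions): copy the real values from the Panopto API client registration.
    static final String AUTHORIZE = "https://my-institution.hosted.panopto.com/Panopto/oauth2/connect/authorize";
    static final String CLIENT_ID = "my-client-id";
    // Must equal the allowed redirect URL character for character, scheme included.
    static final String REDIRECT_URI = "https://localhost:8443/app/panopto/callback";
    private static final SecureRandom RNG = new SecureRandom();

    private static String randomToken() {
        byte[] b = new byte[32];
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    @GET @Path("/login")
    public Response login(@Context HttpServletRequest req) {
        String state = randomToken(), nonce = randomToken(); // replaces a fixed nonce=123
        req.getSession(true).setAttribute("oauth_state", state);
        req.getSession().setAttribute("oauth_nonce", nonce); // compare with the id_token nonce claim later
        // redirect_uri comes from the constant, never from req.getRequestURL() (http:// on a plain-HTTP listener).
        URI target = UriBuilder.fromUri(AUTHORIZE)
                .queryParam("client_id", CLIENT_ID).queryParam("scope", "openid api")
                .queryParam("redirect_uri", REDIRECT_URI).queryParam("response_type", "code")
                .queryParam("state", state).queryParam("nonce", nonce).build();
        return Response.temporaryRedirect(target).build();
    }

    @GET @Path("/callback")
    public Response callback(@QueryParam("code") String code, @QueryParam("state") String state,
                             @Context HttpServletRequest req) {
        HttpSession session = req.getSession(false);
        Object expected = session == null ? null : session.getAttribute("oauth_state");
        if (code == null || expected == null || !expected.equals(state))
            return Response.status(Response.Status.BAD_REQUEST).entity("state mismatch").build();
        session.removeAttribute("oauth_state"); // one-time use
        return Response.ok("authorization code received").build(); // token exchange goes here
    }
}
```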
