User Authentication API

[Aldo Gordillo]

Hello.

I'm experiencing troubles with the User Authentication method for accessing Europeana API.

As explained here (http://labs.europeana.eu/api/authentication#user_authentication), there are three different authentication methods: 'Basic', 'User' and 'OAuth2' authentication.

I want to access My Europeana (that is, user data) from a web application using the API.

'Basic' authentication is not valid for accesing user information, and OAuth2 authentication seems to be broken (see https://groups.google.com/forum/?pli=1#!topic/europeanaapi/aM2dl_dPMT4), so, 'User Authentication' seems to be the only possibility to retrieve user data from external applications using the Europeana API.

Based on the documentation, the user authentication should be performed in the following way:

1. First, make an HTTP POST to http://europeana.eu/api/login.do, including username/password or public/private keys of the user. The response should return a cookie named "JSESSIONID" with the session id.

2. Send the cookie with every subsequent API call that requires authentication.

The first step seems to be ok. I make a post to http://europeana.eu/api/login.do with my username and password and I get a HTTP 302 redirect to http://europeana.eu/api/ (which indicates that the authentication is correct) and also I get the cookie with the session id. Everything working fine and according to the documentation until here.

The troubles arises with the subsequent calls. Since I have authenticated with username and password I send requests to the "http://europeana.eu/api/v2/user" endpoint.
Every time I make a HTTP GET request to http://europeana.eu/api/v2/user/profile.json, including a cookie "JSESSIONID" with the session id obtained previously, I get an HTTP 401 Unauthorized as a response.

Is there any bug in the Europeana side? I'm doing something wrong?

Thanks in advance.

Kind regards,

Aldo Gordillo

[Aldo Gordillo]

Hello again.

Just to notify my recent advances.

It seems that If I use the user keys instead of the user credentials, and the endpoint http://europeana.eu/api/v2/mydata, it works, at least the method to get the profile.

So, maybe there is a problem with the  "http://europeana.eu/api/v2/user" endpoint.

Greetings,

Aldo

[Willem-Jan Boogerd]

Hi Aldo,

mydata is support to work with your api keys, it meant to be a easy way to access your own data, not the data of an other user.

So although mydata offers the same methods, it's a different functionality.

Yes, there are problem with the ../user endpoints, we are aware of that.

We are working hard to reconfigure the security layer of the API, with the number one priority to fix the failing oauth2 support.

Greatings back

Willem-Jan