Course Discovery - HTTP 403 - cache_programs

[Zachary Trabookis]

I receiving a 403 error below when the LMS is trying to execute the /edx-platform/openedx/core/djangoapps/catalog/management/commands/cache_programs.py application below.

2018-10-01 14:16:50,967 INFO 14191 [openedx.core.djangoapps.catalog.management.commands.cache_programs] cache_programs.py:99 - Requesting program UUIDs.

2018-10-01 14:16:59,001 INFO 14191 [requests.packages.urllib3.connectionpool] connectionpool.py:207 - Starting new HTTP connection (1): courses.localhost

2018-10-01 14:17:31,160 ERROR 14191 [openedx.core.djangoapps.catalog.management.commands.cache_programs] cache_programs.py:102 - Failed to retrieve program UUIDs.

Traceback (most recent call last):

  File "/edx/app/edxapp/edx-platform/.pycharm_helpers/pydev/pydevd.py", line 1664, in <module>

    main()

  File "/edx/app/edxapp/edx-platform/.pycharm_helpers/pydev/pydevd.py", line 1658, in main

    globals = debugger.run(setup['file'], None, None, is_module)

  File "/edx/app/edxapp/edx-platform/.pycharm_helpers/pydev/pydevd.py", line 1068, in run

    pydev_imports.execfile(file, globals, locals)  # execute the script

  File "./manage.py", line 116, in <module>

    execute_from_command_line([sys.argv[0]] + django_args)

  File "/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/django/core/management/__init__.py", line 354, in execute_from_command_line

    utility.execute()

  File "/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/django/core/management/__init__.py", line 346, in execute

    self.fetch_command(subcommand).run_from_argv(self.argv)

  File "/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/django/core/management/base.py", line 394, in run_from_argv

    self.execute(*args, **cmd_options)

  File "/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/django/core/management/base.py", line 445, in execute

    output = self.handle(*args, **options)

  File "/edx/app/edxapp/edx-platform/openedx/core/djangoapps/catalog/management/commands/cache_programs.py", line 100, in handle

    uuids = client.programs.get(**querystring)

  File "/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/slumber/__init__.py", line 155, in get

    resp = self._request("GET", params=kwargs)

  File "/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/slumber/__init__.py", line 101, in _request

    raise exception_class("Client Error %s: %s" % (resp.status_code, url), response=resp, content=resp.content)

slumber.exceptions.HttpClientError: Client Error 403: http://courses.localhost:18381/api/v1/programs/

I created a Program Type and Program at 

curl -X GET --header '{"Authorization": "Bearer eyJhbGciOiJIUzI1NiJ9I.eyJzY29wZXMiOiBbImVtYWlsIiwgInByb2ZpbGUiXSwgImFkbWluaXN0cmF0b3IiOiB0cnVlLCAiYXVkIjogImxtcy1rZXkiLCAiZmFtaWx5X25hbwMC9vYXV0aDIiLCAicHJlZmVycmVkX3VzZXJuYW1lIjogImxtc19jYXRhbG9nX3NlcnZpY2VfdXNlciIsICJuYW1lIjogIkxNUyBDYXRhbG9nIFNlcnZpY2UgVXNlciIsICJnaXZlbl9uYW1lIjogIiIsICJleHAiOiAxNTM4NDI1NzMxLCAiaWF0IjogMTUzODQyMjEzMSwgImVtYWlsIjogImxtc19jYXRhbG9nX3NlcnZpY2VfdXNlckBlZHVjYXRld29ya2ZvcmNlLmNvbSIsICJzdWIiOiAiZDM5ZTQyNGE3M2ZiNDlhZjk0NjZhZWUxMDUwZmQ2YjYifQ.mG3F1ljXdaKE69hS7a3-bHu16WP6sfux1WgHQs01WYs", "Accept: application/json"}' 'http://courses.localhost:18381/api/v1/programs/'

Receiving the following error.

{

    "detail": "Authentication credentials were not provided."

}

Can anyone help out with this?

Zach

[Zachary Trabookis]

Getting this error from /edx/var/log/discovery/edx.log

Oct  1 20:00:08 vagrant [service_variant=discovery][django.server] WARNING [vagrant  7867] [/edx/app/discovery/venvs/discovery/lib/python3.5/site-packages/django/core/servers/basehttp.py:124] - "GET /api/v1/programs/ HTTP/1.1" 403 58

Oct  2 15:26:34 vagrant [service_variant=discovery][edx_rest_framework_extensions.utils] INFO [vagrant  7867] [/edx/app/discovery/venvs/discovery/lib/python3.5/site-packages/edx_rest_framework_extensions/utils.py:85] - Token decode failed for issuer 'http://courses.localhost:8000/oauth2'

Traceback (most recent call last):

  File "/edx/app/discovery/venvs/discovery/lib/python3.5/site-packages/edx_rest_framework_extensions/utils.py", line 80, in jwt_decode_handler

    algorithms=[api_settings.JWT_ALGORITHM]

  File "/edx/app/discovery/venvs/discovery/lib/python3.5/site-packages/jwt/api_jwt.py", line 78, in decode

    jwt, key=key, algorithms=algorithms, options=options, **kwargs

  File "/edx/app/discovery/venvs/discovery/lib/python3.5/site-packages/jwt/api_jws.py", line 135, in decode

    key, algorithms)

  File "/edx/app/discovery/venvs/discovery/lib/python3.5/site-packages/jwt/api_jws.py", line 206, in _verify_signature

    raise DecodeError('Signature verification failed')

jwt.exceptions.DecodeError: Signature verification failed

Oct  2 15:26:34 vagrant [service_variant=discovery][edx_rest_framework_extensions.utils] ERROR [vagrant  7867] [/edx/app/discovery/venvs/discovery/lib/python3.5/site-packages/edx_rest_framework_extensions/utils.py:88] - All combinations of JWT issuers and secret keys failed to validate the token.

Oct  2 15:26:34 vagrant [service_variant=discovery][django.server] WARNING [vagrant  7867] [/edx/app/discovery/venvs/discovery/lib/python3.5/site-packages/django/core/servers/basehttp.py:124] - "GET /api/v1/programs/?exclude_utm=1&status=active&status=retired&uuids_only=1 HTTP/1.1" 403 50

Oct  2 15:26:34 vagrant [service_variant=discovery][django.server] WARNING [vagrant  7867] [/edx/app/discovery/venvs/discovery/lib/python3.5/site-packages/django/core/servers/basehttp.py:124] - "GET /api/v1/programs/?exclude_utm=1&status=active&status=retired&uuids_only=1 HTTP/1.1" 403 50

Zach

[Zachary Trabookis]

When I view this from the browser with a verified OAuth2 LMS account I get no errors. This leads me to believe that I'm setting up the REST Client with bad authentication credentials.

[Zachary Trabookis]

I was able to resolve my issue by setting the JWT_AUTH configuration value in lms.env.json accordingly.

 "JWT_AUTH": {

        "JWT_AUDIENCE": "<LMS OAuth2 Client ID for course-discovery>",

        "JWT_ISSUER": "http://courses.localhost:8000/oauth2",

        "JWT_SECRET_KEY": "<LMS OAuth2 Client Secret for course-discovery>"

    }, 

LMS OAuth2 for Course Discovery

/admin/oauth2/ to find Client ID and Client Secret used for JWT.

Slack conversation.

https://openedx.slack.com/archives/C08B4LZEZ/p1538494232000200

Zach