Hi all,
maybe I don’t get all this stuff or I’m too blind to see the solution just on front of my eyes…
I have an Apache server that gives me access to a web application (Jira in my case). I use the auth_openidc module to place an Auth0 Universal Login “Protection” in front of my Jira.
In my apache configuration I specified
AuthType openid-connect Require valid-userEverything fine so far and it works like a charm… If a user tries to access my Jira he/she gets the Auth0 Login page… Everything fine…
Now… I also have some Java command line applications that need to access the REST-API of Jira and of course, the CLI can not “enter credentials” in the login screen…
After reading and reading the manual I thought I got it:
- define an Application,
- define an API,
- get a Bearer token
- access the REST API straight forward (i. e. https://my.jira.org/rest/api/foo) and put the bearer token in the http header
Well… doesn’t work and I don’t get why… Getting the bearer token works but when I try to call the REST service (and yes, with the Authotization header), Apache still responds with the Auth0 Login page…
Why?!? Do I need a special Location directive in Apache for the “/rest” URL?
I think it’s a beginners fault and I hope someone has an idea for me…
Thank you,
Michael