How should the bearer token be added in the CLI?

Diego_Valencia · October 3, 2021, 5:33pm

I try to use the Squidex CLI to export the information of a schema into a .csv file, however when I use the command:

sq content export banco-azteca:default --fields = id, version

I am getting the error:

ERROR: System.Security.SecurityException: Failed to retrieve access token for client ‘banco-azteca:default’, got HTTP Unauthorized.
at Squidex.ClientLibrary.Configuration.Authenticator.GetBearerTokenAsync()
at Squidex.ClientLibrary.Configuration.CachingAuthenticator.GetBearerTokenAsync()
at Squidex.ClientLibrary.Utils.AuthenticatingHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)
at Squidex.ClientLibrary.Utils.SquidexClientBase.RequestJsonAsync[T](HttpMethod method, String path, HttpContent content, QueryContext context, CancellationToken ct)
at Squidex.CLI.Commands.Implementation.ImExport.ExportHelper.ExportAsync(ISession session, IExportSettings settings, ILogger log, Func`2 handler)
at Squidex.CLI.Commands.App.Content.Export(ExportArguments arguments)
at Squidex.CLI.Commands.App.Content.Export(ExportArguments arguments)
at Squidex.CLI.Commands.App.Content.Export(ExportArguments arguments)
at Squidex.CLI.Commands.App.Content.Export(ExportArguments arguments)
at CommandDotNet.Execution.InvocationResultExtensions.GetResultCodeAsync(Object value)
at CommandDotNet.AppRunner.HandleException(Exception ex, IConsole console, CommandContext commandContext)
at CommandDotNet.AppRunner.Run(String[] args)
at Squidex.CLI.Program.Main(String[] args)

What it gives me to understand is that I am not correctly configuring the bearer token for authentication, my question is, using the CLI, where should it be configured?
Is there an example for this?

Tried adding it in CLI .configuration file but it didn’t work:

"Authorization": "Bearer tokenString"

Sebastian · October 4, 2021, 11:11am

You have to add the app to the cli, it is described in the docs.

https://docs.squidex.io/02-documentation/developer-guides/automation-tools#how-to-manage-configurations

Diego_Valencia · October 4, 2021, 2:35pm

It is correct, I have done all the configuration that comes in the documentation, but when I get to the command that I showed above to export the data to a csv it sends me that error.

This is the way I add my config.
sq config add banco-azteca banco-azteca:default clienSecret sq config use banco-azteca

Even this command I get from the same Squidex portal when creating a client also offers you the way to connect.

Sebastian · October 4, 2021, 3:18pm

Weird. It seems that you get a 401 while asking for a access token. Either your client id or secret is not correct or you have something else in the pipeline that blocks that. Like Nginx, Caddy or whatever?

Diego_Valencia · October 4, 2021, 7:03pm

No, I don’t have any of those software configured.

reading the line in the error:

Squidex.ClientLibrary.Configuration.Authenticator.GetBearerTokenAsync ()

It gives me to understand that it tries to find the access token in some configuration file but I cannot see anywhere that for the CLI that configuration of the token has to be done.

Regarding the client and the secret they are the same with which I connect via script by http, as I mentioned, these are the same ones that the squidex portal gives me.

It even has a copy to clipboard button to make it faster and you don’t have to copy letter by letter.

Sebastian · October 4, 2021, 7:18pm

The token is never stored. It is loaded on demand:

github.com

Squidex/squidex-samples/blob/282cd6be3a014102468e14be1ecca44fb04e4419/csharp/Squidex.ClientLibrary/Squidex.ClientLibrary/Configuration/Authenticator.cs#L59


    this.options = options;
}

/// <inheritdoc/>
public Task RemoveTokenAsync(string token)
{
    return Task.CompletedTask;
}

/// <inheritdoc/>
public async Task<string> GetBearerTokenAsync()
{
    var url = $"{options.Url}/identity-server/connect/token";

    var bodyString = $"grant_type=client_credentials&client_id={options.ClientId}&client_secret={options.ClientSecret}&scope=squidex-api";
    var bodyContent = new StringContent(bodyString, Encoding.UTF8, "application/x-www-form-urlencoded");

    using (var response = await httpClient.PostAsync(url, bodyContent))
    {
        if (!response.IsSuccessStatusCode)
        {

Diego_Valencia · October 4, 2021, 8:13pm

This is the output of the config list command, is the assigned url correct?

Schema
notifications-attempts-baz

Everything else is assigned to how the Squidex panel gives it to me, as I showed above.

Sebastian · October 4, 2021, 8:25pm

I think you use an older version of Squidex with self hosting, right?

In newer versions the following example statement would be created:

sq config add <APP> <CLIENT> <CLIENT_SECRET> -u https://cloud.squidex.io/

As you can see, the u parameter sets the URL. Your configs point to the Squidex cloud, which is the default. And I cannot see your app there.

Diego_Valencia · October 4, 2021, 8:41pm

Probably, I have used this documentation to configure the CLI:

https://docs.squidex.io/02-documentation/developer-guides/automation-tools
Step 1 marks this configuration:
.\sq.exe config add [APP_NAME] [CLIENT_ID] [CLIENT_SECRET]
And this is where my Schema is hosted.
https://cms-banco-azteca.yalochat.com/app/banco-azteca/content/notifications-attempts-baz

Sebastian · October 5, 2021, 5:55am

Yes, you have to add -u https://cms-banco-azteca.yalochat.com then