Check/replace legacy API-KEY usage with JWT based check

[nickdos]

Potential candidate:

https://github.com/AtlasOfLivingAustralia/bie-index/blob/develop/grails-app/controllers/au/org/ala/bie/MiscController.groovy#L191

Should include a scopes attribute for newer JWT checks.

[vjrj]

Hi @nickdos and @adam-collins. I'm trying to upgrade our services to use the latest versions of bie-index and ala-bie-hub. But I don't find a configuration that works for methods in MiscController with the @RequireApykey annotation. Is this working for ALA or we need to solve this issue? I was trying to debug but I'm a bit lost debugging the interceptors.

TIA

[nickdos]

Did you check apikey app has allowed access for the client and service? E.g. ALA version is https://auth.ala.org.au/apikey/.

[vjrj]

Did you check apikey app has allowed access for the client and service? E.g. ALA version is https://auth.ala.org.au/apikey/.

Yes. I'll double check again. But I get a 401 doing setUrl and similar calls. Thanks anyway.

[nickdos]

The other thing to check is the "authorised systems" in userdetails. You might need to white-list the IP for the server as well.