When using file attachments in ODP, the user gets an unauthorized error when downloading a file attachment in a data service via UI / Swagger.


{"message":"Unauthorized"}


Troubleshooting the error

Open the Chrome debug console (Network tab) and refresh the AppCenter page in the browser. Filter for the "check" XHR GET API call and look at whether the Set-Cookie response header is being sent. Look for a response header like the following:


set-cookie: Authorization=JWTxxxxxxxxxxxx Domain=localhost; Path=/api/; Expires=Wed, 28 Aug 2019 06:18:04 GMT; HttpOnly; Secure; SameSite=Strict

The value in Domain should match the FQDN (fully qualified domain name) where the application is being hosted, e.g. community.odp.capiot.com.


If the value is not the same, the browser does not set the cookie, and the download request goes out without it.
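
The same check can be scripted against a header copied from the browser. This is an added example, not part of ODP or of the original article: the function names and the two sample headers are constructed for illustration (the first mirrors the header shown above, the second uses the example FQDN).

```shell
#!/bin/sh
# Added example: compare the Domain attribute of a Set-Cookie header with the
# FQDN the application is served from. Function names are hypothetical.

# cookie_domain HEADER
# Prints the Domain attribute value, lowercased, without a leading dot.
# Also copes with a missing ';' before Domain, as in the header shown above.
cookie_domain() {
    printf '%s\n' "$1" |
        tr -d '\r' |
        tr '[:upper:]' '[:lower:]' |
        tr ';' '\n' |
        sed -n 's/^/ /; s/^.*[[:space:]]domain=\.\{0,1\}\([^[:space:]]*\).*$/\1/p' |
        head -n 1
}

# check_cookie_domain HEADER FQDN
# Returns 0 when Domain equals the FQDN, 1 on mismatch, 2 when no Domain is present.
check_cookie_domain() {
    domain=$(cookie_domain "$1")
    fqdn=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    if [ -z "$domain" ]; then
        echo "NO DOMAIN: header carries no Domain attribute"
        return 2
    fi
    if [ "$domain" = "$fqdn" ]; then
        echo "OK: Domain=$domain matches $fqdn"
        return 0
    fi
    echo "MISMATCH: Domain=$domain, expected $fqdn (check the FQDN entries in the config map)"
    return 1
}

# Constructed sample headers: one with the wrong Domain, one with the expected FQDN.
SAMPLE_BAD='set-cookie: Authorization=JWTxxxxxxxxxxxx Domain=localhost; Path=/api/; HttpOnly; Secure; SameSite=Strict'
SAMPLE_GOOD='set-cookie: Authorization=JWTxxxxxxxxxxxx; Domain=community.odp.capiot.com; Path=/api/; HttpOnly; Secure; SameSite=Strict'

for header in "$SAMPLE_BAD" "$SAMPLE_GOOD"; do
    check_cookie_domain "$header" "community.odp.capiot.com" || true
done
```
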


Resolution

  1. Log in to the Kubernetes setup where ODP is being hosted
  2. Execute kubectl edit configMap -n <namespace>, where <namespace> is the name of the namespace in which ODP's core services are hosted
  3. Edit the entries of the following attributes to reflect the correct FQDN for each of these values:
    • B2B_EDGE_GATEWAY_FQDN
    • B2B_GATEWAY_FQDN
    • CERTIFICATE_COMMON_NAME
    • FQDN
  4. Save and exit the config map editor using :wq!
  5. Scale the nginx, gw and user deployments down and back up using the commands below (shown here for the capiot namespace):


kubectl scale deployment user   -n capiot --replicas=0
kubectl scale deployment gw     -n capiot --replicas=0
kubectl scale deployment nginx  -n capiot --replicas=0

kubectl scale deployment user   -n capiot --replicas=1
kubectl scale deployment gw     -n capiot --replicas=1
kubectl scale deployment nginx  -n capiot --replicas=1


After following these steps, go to AppCenter, refresh the browser, and click on the attachments to download them. It should now work.


TIP
These FQDNs can also be set correctly at the time of installation.


Affected versions


Omni Data Platform 3.x