New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
B2 fails with app key limited to specific buckets #10725
Comments
What capabilities do you have assigned to the application key? Please post the transcript from the log drawer (⌘-L). |
I cannot reproduce this issue with an application key with the capabilities |
Traced it. The application keys were limited to a single bucket. An application key with "All" for buckets works. An application key with just one bucket fails. Probably on t he new apiv2 list buckets? -capabilities:* deleteFiles, listBuckets, listFiles, readFiles, shareFiles, writeFiles -Old Flow 6.9*
7.00 connection flow
|
Ok there is a change in the API in v2.
I see though in the Authorize response JSON it does return:
So that you don't need to actually call the list_buckets separately. |
Opened a SynampticLoop backblaze-b2-java-api ticket. Looks like the error is ultimately with its handling of the login flow. synapticloop/backblaze-b2-java-api#41 Need to add the "allowed" field to the client object. And list_buckets needs to conditionally check for a like getAllowedBuckets() length !> 0 before submitting a request. Could you feasibly just use the /v1/ api for just the list_buckets command? Since it doesn't fail in 6.9? Easy band-aid solution? |
Upstream in (iterate-ch/backblaze-b2-java-api#4). |
Regression from <7.0
When opening connection, b2_list_buckets will fail if the app key in-use is limited to one bucket. 6.9 would list one bucket, 7.0 errors and breaks authorization flow.
Reproduction:
Error: 401 Listing Directory / Failed
https://www.backblaze.com/b2/docs/application_keys.html#usingRestrictedKeys
The text was updated successfully, but these errors were encountered: