Simple configuration for OAuth 2.0 Resource Server not work.

[BriceDuchatel]

Hi All.
I try so setup up a simple OAuth 2.0 Resource Server :

OIDCOAuthVerifySharedKeys "plain#1#test"
<Location /api>
AuthType oauth20
Require valid-user

Test :

GET /api/ HTTP/1.1
User-Agent: curl/7.29.0
Host: localhost:14598
Accept: /
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6IjEifQ.eyJuYW1lIjoidGVzdCJ9.PNn43R-n109QI7iyculhHsuqNRrIzGDNg3RiVkShmdw

< HTTP/1.1 401 Unauthorized
< Date: Wed, 25 Oct 2023 10:24:54 GMT
< Server: Apache
< Content-Length: 381
< Content-Type: text/html; charset=iso-8859-1

Log :
[Wed Oct 25 12:24:54.870906 2023] [authz_core:debug] [pid 127114] mod_authz_core.c(809): [client ::1:35150] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Wed Oct 25 12:24:54.870948 2023] [authz_core:debug] [pid 127114] mod_authz_core.c(809): [client ::1:35150] AH01626: authorization result of : denied (no authenticated user yet)

Noting else. No debug msg from mod_auth_openidc. So what am I missing?

[zandbelt]

that works for me:

[Wed Oct 25 12:48:01.228777 2023] [authz_core:debug] [pid 41953] mod_authz_core.c(815): [client ::1:49904] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Wed Oct 25 12:48:01.228807 2023] [authz_core:debug] [pid 41953] mod_authz_core.c(815): [client ::1:49904] AH01626: authorization result of : denied (no authenticated user yet)
[Wed Oct 25 12:48:01.228824 2023] [auth_openidc:debug] [pid 41953] src/mod_auth_openidc.c(3928): [client ::1:49904] oidc_check_user_id: incoming request: "/api/?(null)", ap_is_initial_req(r)=1

probably you're not loading the actual mod_auth_openidc config or you're overriding things elsewhere

[BriceDuchatel]

Thank you.
It works now. It was "just" a conflict with mod_auth_mellon wich is active (only on info) on /.

Greetings,
Brice.