DioError 403 with correct URL, username, password

[Whisprin]

Hello,

I'm trying to setup the app and connect to my paperless instance.

I'm using a password manager to copy&paste the URL, username and password of my instance - so they should be correct.
The URL is something like: https://paper.host.tld/paperless/ and the login in the browser is successful as well.

However, in the app I'm getting this Error:

"Error while connecting to server"
DioErro [DioErrorTyoe.RESPONSE]: Http status error [403]

[bauerj]

Hey Robert,

do you use a reverse proxy in front of paperless?

[Whisprin]

I'm using Apache and mod_wsgi like described here: https://paperless.readthedocs.io/en/latest/setup.html#making-things-a-little-more-permanent
But I changed Alias to /paperless/static and WSGIScriptAlias to /paperless.

[bauerj]

Can you confirm that

curl --user <username> https://paper.host.tld/paperless/api/documents/

works? It should return a long list of documents.

_{^{Edit: This originally did not include the slash at the end.}}

[jonaswinkler]

Can you confirm that

curl --user <username> https://paper.host.tld/paperless/api/documents

works? It should return a large list of documents.

Don't forget trailing slashes. I think they are required.

[Whisprin]

Using curl I get a redirect to location: /paperless/api/documents/ and then the same error:

< HTTP/2 403
{"detail":"Authentication credentials were not provided."}

With correct, incorrect and no password it's the same response.

When I open this URL logged in the browser it works:

GET /paperless/api/documents/

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "count": 44,
    "next": "https://paper.host.tld/paperless/api/documents/?page=2",
    "previous": null,
    "results": [
        {
            "id": 28,
            "correspondent": null,
            "title": "0120",
...

[bauerj]

Thanks for confirming. This looks like a server issue then. The browser uses a different authentication mechanism with cookies which is why it works fine there.

It's not quite clear to me why this doesn't work but then again I don't work much with Apache.

[jonaswinkler]

try

curl --user <username> --basic https://paper.host.tld/paperless/api/documents/

which should ask you for your password and verify that authentication works.

[Whisprin]

Thanks, yes with and also without --basic the password prompt appears:

Enter host password for user 'myuser':

The response is the same as above.

[Whisprin]

I got it!
Thanks for nudging me in the right direction. I didn't know that the API uses basic auth.

In order to have basic auth working with wsgi this is needed in the apache conf: WSGIPassAuthorization On.

https://www.django-rest-framework.org/api-guide/authentication/#setting-the-authentication-scheme

Created a PR to the documentation. Now on to try the app :)

[bauerj]

Thanks for posting the solution! This should probably be changed in the documentation(s).

Edit: I see you're already one step ahead here 😄