# OpenWare OPEX

#Troubleshooting Barong

#Start Barong console

From a pod run the following commands:

bundle install --binstubs
bundle exec rails console

#Verify an API key signature from Barong

If you receive unauthorized response from Barong, it might be useful to compare the signature computed from the client side and server side by Barong.

To do so connect start the Barong console and run the following command with kid your API key, the nonce used for the request and the signature. that

key = APIKeysVerifier.new(kid: "8352ef0b627de089", signature: "c0c0ed339fab0b3e21ac3f9af7c838a80a4f452e199395a697e51d3c73b02f69", nonce: "1560524481")
=> #<APIKeysVerifier:0x000055ffa0c92638 @kid="8352ef0b627de089", @signature="c0c0ed339fab0b3e21ac3f9af7c838a80a4f452e199395a697e51d3c73b02f69", @nonce="1560524481", @api_key=#<APIKey id: 4, user_id: 3, kid: "8352ef0b627de089", algorithm: "HS256", scope: [], state: "active", created_at: "2019-06-03 18:55:07", updated_at: "2019-06-03 18:55:07">>

Then the following command will return true if the signature calculated by Barong is the same:

key.verify_hmac_payload?
=> true