The user Malakan is the administrator.
Owner or administrator? Do you have a multi-tree setup? Can you actually login via UI with the username/password combo?
Malakan is the Administrator, looking at the roles I have no users with âOwnerâ set, if that is relevant?
I can login via Grampsweb using this username/password combo
Edit: single tree setup
Ok. Was asking because in a multi-tree setup, the server administator user doesnât have an associated tree ID by default, so cannot log in.
The double token fetch is not an issue.
What is happening is that your server is responding with status 403 FORBIDDEN to the sync addonâs call to the token endpoint. But the call is exacly the same as your curl command. When using nginx, you mentioned there were log entries when using curl but not when using the sync addon. Does this still hold true with caddy?
I see absolutely no way how the curl command can work and have a log entry and the addon doesnât work and has no log entry.
I see no logs for the container grampsweb nor for grampsweb_celery.
As for logs in Caddy, this still holds true. I setup a test url for returning a 403 when going to a particular subdirectory and I see them in Caddy.
This has to an issue with my server setup somewhere, somehow. But I have no clue how to proceed.
The only thing I could still think of is that Cloudflare or some firewall or whatever is blocking the call from Web API (via Python urllib), but not curl. Not sure why that could happen, maybe user agent strings or something. Do you have some other server log that could show things which are blocked before even reaching Caddy?
Currently in talks with caddy.community.
The issue seems to be Cloudflare at the moment as itâs apparently not hitting Caddy. I disabled the cloudflare proxy setting for gramps.malakan.co.uk and I now get a 308 error from a test python script I made.
Just tested with GrampsSync and IT WORKS!
So something to do with the Cloudflare proxy 
2 Likes