API v2.0 /auth/get_token generates a token that cannot be used

boswelja

Cadet
Joined
Apr 18, 2023
Messages
2
Hey all,

I am currently trying to set up an authentication flow in an Android app using the TrueNAS API v2.0, but I've noticed I cannot use any of the endpoints via bearer token generated by `/auth/generate_token`.

For example, if I try to hit `/reporting/graphs`, I will get a 401 Unauthorized. In this example, the request looks like this:
```
REQUEST: http://truenas.local/api/v2.0/reporting/graphs
METHOD: HttpMethod(value=GET)
COMMON HEADERS
-> Accept: application/json
-> Accept-Charset: UTF-8
-> Authorization: Bearer my-token-here
CONTENT HEADERS
-> Content-Length: 0
BODY Content-Type: null
BODY START
```

To generate a new token, I am sending this:
```
REQUEST: http://truenas.local/api/v2.0/auth/generate_token
METHOD: HttpMethod(value=POST)
COMMON HEADERS
-> Accept: application/json
-> Accept-Charset: UTF-8
-> Authorization: Basic my-basic-auth
CONTENT HEADERS
-> Content-Length: 43
-> Content-Type: application/json
BODY Content-Type: application/json
BODY START
{"ttl":600,"attrs":{},"match_origin":false}
BODY END
```

Which seems to work, and returns a new token (wrapped in quotes, which I have stripped in the hopes that it would fix the issue but it did not).

I'm not super familiar with the authentication side of RESTful services, so I'm probably missing something simple here.
My host server is an HP DL380 G9 (which probably isn't super relevant here) running TrueNAS SCALE 22.12.2.
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,703
I'm not sure if I really understand it well myself, but as far as I can see, you would normally use that method to get a token only if not already having one (you can generate one in the API menu which just works as a bearer token in the code you have there).

I note that the API docs seem to point to using credentials rather than bearer in some cases and that:

credentials can be UNIX_SOCKET, ROOT_TCP_SOCKET, TRUENAS_NODE, LOGIN_PASSWORD or TOKEN, depending on what authentication method was used.

Maybe see if you can get it to work with credentials rather than bearer.
 

boswelja

Cadet
Joined
Apr 18, 2023
Messages
2
Thanks for replying! Endpoints appear to work fine with basic authentication, and generating an API key works fine too (which can be done via another endpoint as well as the web UI). However, I'd much rather be storing a token that has an expiry, rather than the user's credentials or the seemingly indefinite API key.