H
Homarr4mo ago
LYPTUS

api authorization

Hi there, I am trying to use the API endpoint to Homarr. My Homarr is managed by Portainer, running in a Proxmox LXC. This is my compose: 
version: "3"
services:
  homarr:
    container_name: homarr
    image: ghcr.io/ajnart/homarr:latest
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/homarr/configs:/app/data/configs
      - /opt/homarr/icons:/app/public/icons
      - /opt/homarr/data:/data
    ports:
      - 7575:7575
version: "3"
services:
  homarr:
    container_name: homarr
    image: ghcr.io/ajnart/homarr:latest
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/homarr/configs:/app/data/configs
      - /opt/homarr/icons:/app/public/icons
      - /opt/homarr/data:/data
    ports:
      - 7575:7575
I retrieved an access token from the tools, but I am having issues with autorization. 
curl -H "Authorization: Bearer XXXXXXXXXXX" http://192.168.XX.XX:7575/api/boards/all
curl -H "Authorization: Bearer XXXXXXXXXXX" http://192.168.XX.XX:7575/api/boards/all
{"message":"UNAUTHORIZED","code":"UNAUTHORIZED"}%
{"message":"UNAUTHORIZED","code":"UNAUTHORIZED"}%
anything im missing here?
7 Replies
Cakey Bot
Cakey Bot4mo ago
Thank you for submitting a support request. Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment: - Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log) - Operating system (Unraid, TrueNAS, Ubuntu, ...) - Exact Homarr version (eg. 0.15.0, not latest) - Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format) - Other relevant information (eg. your devices, your browser, ...)
❓ Frequently Asked Questions | Homarr documentation
Can I install Homarr on a Raspberry Pi?
Tag
Tag4mo ago
Interesting. Basically what is happening is that those functions are protected behind user authentication, and it seems that we are not recognizing the api token as such. This is definitely a bug though. @Manicraft1001 not sure where to look here but API calls are not bypassing auth requirements from "enforceUserIsAuthed" and "enforceUserIsAdmin" I think. I've tried with postman personally, with a very straightforward setup too. Both times, the TRPC call doesn't have a session and thus throws the error instantly. Content of ctx: 
{
  session: null,
  cookies: {
    'next-auth.callback-url': 'http://localhost:3000/',
    'next-auth.csrf-token': 'redacted'
  }
}
{
  session: null,
  cookies: {
    'next-auth.callback-url': 'http://localhost:3000/',
    'next-auth.csrf-token': 'redacted'
  }
}
Manicraft1001
Manicraft10014mo ago
Interesting. It worked when I tested (no unit test, duh 🙄). Can you look with Meier? He'll be able to help you debug. I'm still on my vacation
Tag
Tag4mo ago
For sure, I've already narrowed it down a little, seems the session can't be built all the way back from the "getServerAuthSession", but the req has the right input for auth. (don't tell me it's another dependency updgrade that broke it) Actually, SSO might have broken it
LYPTUS
LYPTUS4mo ago
Well im glad I wasn't being dumb! I saw that some calls weren't restricted, so that makes sense.
Meierschlumpf
Meierschlumpf4mo ago
I think the issue is that we do not actually support authorization header yet. Currently you need to use the api the following way: curl -b "next-auth.session-token=XXXXXXXXXXX" http://192.168.XX.XX:7575/api/boards/all This is the usage with a cookie. In my opinion it would make sense to support api keys or similar in the future as this is pretty bad practice and over all the session will expire at some point, so automations are not really useful. @LYPTUS FYI @Tag @Manicraft1001
LYPTUS
LYPTUS4mo ago
hmm, got it. I was just writing a little integration to push all my Portainer Stacks into a Homarr Dashboard so that will probably work for a one off transfer. Thanks!
Want results from more Discord servers?
Add your server
More Posts
Problems with Active DirectoryHello I have been trying all day to connect my Homarr installation to my Active Directory. I have trSonarr Intergration in CalendarI've been racking my brain trying to figure this out but I am unable to find a way to add the SonarrApps jumping around in mobile (small) viewNot sure if anyone is able ot help me understand why my apps do this, but for whatever reason the orproblem with the designHello guys, how can i fix that ?qbittorrent app won't open web UII've been adding apps all morning in setting up my new install. After adding the tile for qBittorrenmessage: `Unexpected token 'I', "Internal S"... is not valid JSON`Fresh install, twice. Version 0.15.2. TrueNAS Scale, using the TrueCharts Version: 10.8.1. Log: httPi-hole Installed on Different DeviceHello, I'm running my server along with Homarr on my main laptop. On a separate device, I have pi-hoIs Calibre Interactions possible for their status icon to work?The mouse-over tells me "Unauthorized - (104) Denied) - I'm not sure why,...the link works to accessLooking for the following intertgrationsHi, I'm looking to see if I am able to setup homarr to check on my private torrent ratios.Help finishing my widgetThis is my first time contribution to the project and I am terrible with css since I work more with