Luzifer / nginx-sso

SSO authentication provider for the auth_request nginx module
Apache License 2.0

Token Auth / XHR #40

Closed ghost closed 5 years ago

ghost commented 5 years ago

Hi,

probably not an issue but a misconfiguration:

I'm trying to perform a token-based authentication with an XMLHttpRequest, but I can't get it to work. This is the request:

    // Send the token in the Authorization header and allow cookies to be sent/stored
    const xhr = new XMLHttpRequest();
    xhr.open('GET', url);
    xhr.setRequestHeader('Authorization', 'Token MYTOKEN');
    xhr.withCredentials = true;
    xhr.send(null);

Apparently, a cookie is set, but the prefix is nginx-sso-main - when I use the login page, it's nginx-sso-ldap. The log then states "no valid user found".

The config.yaml looks like this:

    acl:
      rule_sets:
        ...
          allow:
            - "@_authenticated"
        ...
    token:
      tokens:
        test: "MYTOKEN"

Also, I'm wondering which endpoint to use in the URL. When it's https://login.example.org/login, two requests are made, to both /login and /debug.

Cheers Tobias

ghost commented 5 years ago

What I'm trying to achieve is a "background" authentication, because users would already have authenticated against another app via a PHP form. Another option would be to also submit the form to nginx-sso, but that seems impossible or beyond my skills.

Luzifer commented 5 years ago

Hey, I'm sorry for the delayed answer.

When you are sending a Token to be used with the token provider there is no authentication cookie. The token is just used to give one-time access as it is expected to be present in all requests.

If you are normally using the LDAP provider to log in you would need to send the LDAP login credentials to the /login endpoint:

# curl -i -X POST -F 'ldap-username=myuser' -F 'ldap-password=mypass' -F 'go=https://example.com/loggedin.json' https://login.example.com/login
HTTP/2 302 
server: nginx
date: Sat, 29 Jun 2019 10:51:33 GMT
content-length: 0
location: https://example.com/loggedin.json
set-cookie: nginx-sso-ldap=[...]

That way the user has a cookie set and is logged in. Also you might want to set the redirect to something yielding a JSON object your XHR request can read.
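The two flows the maintainer describes, as an added Go example that is not part of the issue thread and not nginx-sso's own code. It uses an httptest stand-in for the SSO endpoint: `/login` accepts the same `ldap-username`, `ldap-password` and `go` form fields as the curl command above and answers 302 plus a `nginx-sso-ldap` cookie, while `/auth` stands in for the auth_request check and accepts either a `Token` header or that cookie. The credentials, token value, cookie value and the `/auth` path are placeholders chosen for the example; the point it shows is that the token path never yields a cookie (so the header must accompany every request), whereas the form login does.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/cookiejar"
	"net/http/httptest"
	"net/url"
)

// Placeholder values for the constructed stub (not from nginx-sso's config).
const (
	stubUser      = "myuser"
	stubPass      = "mypass"
	stubToken     = "MYTOKEN"
	sessionCookie = "nginx-sso-ldap"
	sessionValue  = "session-placeholder"
)

// newStubSSO mimics the behaviour described in the thread; it is a stand-in, not nginx-sso.
func newStubSSO() *httptest.Server {
	mux := http.NewServeMux()
	// Form login: on success set the session cookie and redirect to the "go" target.
	mux.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost ||
			r.FormValue("ldap-username") != stubUser ||
			r.FormValue("ldap-password") != stubPass {
			http.Error(w, "no valid user found", http.StatusUnauthorized)
			return
		}
		target := r.FormValue("go")
		if target == "" {
			target = "/"
		}
		http.SetCookie(w, &http.Cookie{Name: sessionCookie, Value: sessionValue, Path: "/", HttpOnly: true})
		http.Redirect(w, r, target, http.StatusFound)
	})
	// auth_request-style check: a token header grants access per request but sets no
	// cookie; otherwise a valid session cookie is required.
	mux.HandleFunc("/auth", func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") == "Token "+stubToken {
			return // 200 OK, nothing stored client-side
		}
		if c, err := r.Cookie(sessionCookie); err == nil && c.Value == sessionValue {
			return // 200 OK via session
		}
		w.WriteHeader(http.StatusUnauthorized)
	})
	// A JSON "go" target an XHR client can read after the redirect.
	mux.HandleFunc("/loggedin.json", func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		fmt.Fprint(w, `{"loggedIn":true}`)
	})
	return httptest.NewServer(mux)
}

// loginWithForm does what the curl command in the thread does: POST the LDAP form with a
// JSON "go" target, follow the 302, and keep the issued cookie in a jar for later requests.
// It returns the cookie-carrying client and the body of the "go" page (or the error text).
func loginWithForm(base, user, pass string) (*http.Client, string, error) {
	jar, err := cookiejar.New(nil)
	if err != nil {
		return nil, "", err
	}
	client := &http.Client{Jar: jar}
	form := url.Values{
		"ldap-username": {user},
		"ldap-password": {pass},
		"go":            {base + "/loggedin.json"},
	}
	resp, err := client.PostForm(base+"/login", form)
	if err != nil {
		return nil, "", err
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	return client, string(body), nil
}

// hasSessionCookie reports whether the client's jar holds the SSO session cookie for base.
func hasSessionCookie(client *http.Client, base string) bool {
	u, err := url.Parse(base)
	if err != nil || client.Jar == nil {
		return false
	}
	for _, c := range client.Jar.Cookies(u) {
		if c.Name == sessionCookie {
			return true
		}
	}
	return false
}

// authStatus performs the auth_request-style check; a non-empty token is sent as
// "Authorization: Token ...". A nil client means a plain client without a cookie jar.
func authStatus(client *http.Client, base, token string) (int, error) {
	if client == nil {
		client = &http.Client{}
	}
	req, err := http.NewRequest(http.MethodGet, base+"/auth", nil)
	if err != nil {
		return 0, err
	}
	if token != "" {
		req.Header.Set("Authorization", "Token "+token)
	}
	resp, err := client.Do(req)
	if err != nil {
		return 0, err
	}
	resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	srv := newStubSSO()
	defer srv.Close()
	st, _ := authStatus(nil, srv.URL, stubToken)
	fmt.Println("token header, no cookie:", st)
	client, body, _ := loginWithForm(srv.URL, stubUser, stubPass)
	fmt.Println("form login body:", body, "cookie stored:", hasSessionCookie(client, srv.URL))
	st, _ = authStatus(client, srv.URL, "")
	fmt.Println("cookie only:", st)
}
```

The browser-side equivalent of `loginWithForm` is an XHR (or fetch) POST of a `FormData` with those three fields and `withCredentials` set, so the cookie from the 302 is stored and sent on later requests; with the token provider the header has to be attached to every request instead, since nothing is stored.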