what is the REST API to generate jwt token for chirpstack V4?

chirpstack / chirpstack-rest-api

ChirpStack gRPC API to REST proxy.

MIT License

17 stars 14 forks source link

what is the REST API to generate jwt token for chirpstack V4? #12

Closed Sheng2216 closed 1 year ago

Sheng2216 commented 1 year ago

Hi, does Chipstack V4 have an equivalent REST API endpoint to generate an jwt token like in V3:

curl -X POST "http://xx.xx.xx.xx/api/internal/login" -H "Content-Type: application/json" -d '{"email": "admin", "password": "password@123"}' {"jwt":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhcyIsImV4bCI6MTY4ODcxNzY1OCwiaWQiOjEsImlzcyI6ImFzIiwibmJmIjoxNjg4NjMxMjU4LCJzdWIiOmNlciIsInVzZXJuYW1lIjoiYWRtaW4ifQ.fOGFtmZNzzo_plX4UArkD6sn6JJpiUKfYXQoHf9az8w"}

I checked the Swagger UI docs but did not see an equivalent endpoint. However, in the Chirpstack's logs I noticed a gRPC API call when I generating an API token from the Chirpstack NS's web UI:

gRPC{uri=/api.InternalService/CreateApiKey}: chirpstack::api: Finished processing request status="200" latency=8.300281ms

Does Chipstack V4 expose a REST API for generating jwt tokens, or is the gRPC endpoint the only option, or I must manually create the API from the web UI?

Thank you!

Sheng2216 commented 1 year ago

the internal endpoints are not exposed intentionally... check this: https://forum.chirpstack.io/t/chirpstack-api-server/16733/2 I wonder if there is a way to register the gateway with scripts but without the token... just edit the database?

brocaar commented 1 year ago

Hi @Sheng2216, on purpose I do not allow creating API tokens through the API. If an API key would be leaked, then this would allow others to create new API keys, which would it make really hard to find out which keys to revoke.

Would it be an idea if I add a CLI command to the chirpstack binary to create a global API key for bootstrapping?

Sheng2216 commented 1 year ago

Would it be an idea if I add a CLI command to the chirpstack binary to create a global API key for bootstrapping?

yes, a CLI command like what ttn-lw-cli provides could be a useful solution to generate an initial API key.

brocaar commented 1 year ago

@Sheng2216 the above commit implements this, e.g.:

chirpstack -c configuration/ create-api-key --name test

2023-07-13T10:07:36.458488Z  INFO chirpstack::storage: Setting up PostgreSQL connection pool
2023-07-13T10:07:36.491710Z  INFO chirpstack::storage: Applying schema migrations
2023-07-13T10:07:36.508945Z  INFO chirpstack::storage: Setting up Redis client
2023-07-13T10:07:36.559718Z  INFO chirpstack::storage::api_key: Api-key created id=11e80ca6-2860-4977-9b6f-fd5c1b5bf7b5
id: 11e80ca6-2860-4977-9b6f-fd5c1b5bf7b5
token: ey................

It should then be fairly easy to extract the id and token