search

docspell / dsc

Docspell command line interface
https://docspell.org/docs/tools/cli
GNU General Public License v3.0
19 stars 5 forks source link

OAuth Login #409

Open deadda7a opened 11 months ago

deadda7a commented 11 months ago

Hey,

I'm not sure if this is really an issue or I'm not seeing something obvious. My docspell instance has OAuth as the only way to login, hence the users are not "local" users and don't have a password. So I have the same problem with both the API and DSC: I can't login, since I can't give a password. And also not a session token, because I would need to login to get one.

I've also read through the source code a bit, but didn't get far. Any help would be appreciated :)

Sebastian Elisa

eikek commented 11 months ago

Oh, I'm afraid this is not implemented :/ Currently you'd need to login via web and extract the session token.

deadda7a commented 11 months ago

Thanks for the info it at least brings me the peace of mind it's not me! I've a feature request... :)

Is there a way to increase the validity of the session token? I was doing that, but at the moment it is only 30sec (?) which is not enough to do anything, and I'm sometimes even to slow to extract it from the developer console in the browser and copy it to my Terminal.

eikek commented 11 months ago

No it's not you :) Doing this openid stuff is a bit of a hassle to implement, but that should absolutely be done at some point.

You can for now extends the session token validity in the config file, look for session-valid (it is default 5 minutes). But don't set it too high, there is currently this bug eikek/docspell#2309 waiting to get triggered :) You can get a new token using a valid one by POSTing to /sec/auth/session. Then I think you should be able to get dsc into its "authenticated state": just manually create the file that it would create on login. It is at ~/.config/dsc/dsc-token.json and looks like this:

 {
  "collective": "<your collective>",
  "user": "<your user>",
  "success": true,
  "message": "Login successful",
  "require_second_factor": false,
  "token": "<the token>",
  "valid_ms": 300000
}

Then dsc should get a new token automatically once this one is close to expire (obviously, adopt as necessary).

deadda7a commented 11 months ago

I can imagine :(

Oh is it 5min? Mine started to invalidate very fast, although I'm not sure if I didn't set it lower in the config and I can't check at the moment-

Anyway thanks for the idea, I'll try that!