
    Question| how to auto-login in mango using parent application

    • shubham

      Hi,
      As I understand from the mentioned link (https://help.infiniteautomation.com/mango-rest-api-authentication), there are two ways through which we can generate a token.

      Option-1: By using the Mango UI (no need for the XSRF-Token mechanism)
      Option-2: By calling the API with the XSRF-Token mechanism.

      Query:

      1. Is there any API through which we can directly generate (without using the Mango UI) the JWT (JSON web token), without dealing with cookies and XSRF-TOKEN, i.e. option-2? [Desired one]

      2. If the XSRF-Token mechanism is mandatory, could you share more details on how to generate the XSRF-Token and relevant details regarding this?

      As we can see, below are the details required if we go with Option-2, so where can we generate the highlighted part from?

      Cookie:XSRF-TOKEN=74cf354a-e871-48b6-a1c2-bebb93d00120
      X-XSRF-TOKEN:74cf354a-e871-48b6-a1c2-bebb93d00120
      

      NOTE: We want to auto-login to the Mango application from our parent application, which does accept username and password as JSON in the request body.
      Thanks and Regards
      Shubham Rajvanshi

      • shubham

        Hi,

        We tried using the steps, but I am getting a forbidden response on the second instance as well. I am not sure if it could be the case that I am using the trial (free) Mango version.
        Following is the request and response (even after replacing the XSRF token received in the 1st response).
        Request:

        curl -v -X POST http://localhost:8080/rest/v2/login -d 'username=DineshTech&password=test@1234' -H "Accept:application/json; charset=UTF-8" -H "Content-Type:application/json; charset=UTF-8" -H "X-XSRF-TOKEN=631baff8-d352-47f1-9421-425732ab7e33"
        
        Response:
        < Set-Cookie: XSRF-TOKEN=631baff8-d352-47f1-9421-425732ab7e33; Path=/
        < X-Content-Type-Options: nosniff
        < X-XSS-Protection: 1; mode=block
        < X-Frame-Options: SAMEORIGIN
        < Cache-Control: must-revalidate,no-cache,no-store
        < Content-Length: 0
        

        Even after the above works, we need to ensure that the UI uses the same XSRF token, so that the UI is automatically logged in once the API login request is successful, and identify the cookie which needs updating with the XSRF token.

        Currently I have been able to successfully retrieve data using Auth bearer (JWT) generated by Mango UI -> User Profile, see request/response below:
        Request:

        curl --request GET http://localhost:8080/rest/v1/users/current -H "Authorization:Bearer eyJhbGciOiJFUzUxMiJ9.eyJzdWIiOiJEaW5lc2hUZWNoIiwiZXhwIjoxNTgyMDg0MjI0LCJpZCI6MSwidiI6MSwidHlwIjoiYXV0aCJ9.AfQ3m66nzVjAq_5GiyCLJJDcJVZSNJDoMkNt157YNmPbKV1avMH7bVq7gAmOt3hdCwlekUBahVuK-9v8J0FuSa35AbOGulOx8FGYp0ea4Qu_gZepa42fk041h8t4MHfll6CRVNuxwgKIaXWpa_U4_2N4soL2Qo6TFzcBqOXGUEuOddaz"
        
        Response:
        {
        "username": "DineshTech",
        "email": "dinesh@india.nec.com",
        "grantedPermissions": ["excelReports.fileStoreWritePermission", "graphical.view.addView", "internal.status", "action.purgeAllPointValues", "SNMP_MIB_STORE_READ", "alarms.view", "reports.view", "graphical.view.upload", "filestore.user.create", "dataFile.compiledTemplateFileStoreReadPermission", "permissionDatasource", "dataFile.compiledTemplateFileStoreWritePermission", "action.log4jUtil", "excelreports.view", "legacypointdetails.view", "dataFile.templateFileStoreReadPermission", "graphical.view", "filestore.docs.read", "dataFileDataSourceREST", "watchlist.view", "haystack.server", "mailingLists.create", "action.purgeAllEvents", "users.view", "action.purgeUsingSettings", "action.sqlRestore", "action.excelReportPurge", "SNMP_MIB_STORE_WRITE", "filestore.docs.write", "filestore.public.write", "pointlinks.view", "action.configurationBackup", "permissions.user.sendToMailingList", "dataImport.view", "filestore.core.read", "action.reportPurge", "permissions.user.editSelf", "jsonData.create", "permissions.superadmin", "dataFile.templateFileStoreWritePermission", "filestore.core.write", "action.sqlBackup", "excelReports.fileStoreReadPermission"],
        "sessionExpirationOverride": false,
        "sessionExpirationPeriod": null,
        "lastLogin": "2020-02-18T06:24:51.644Z",
        "lastPasswordChange": "2020-02-04T07:49:00.257Z",
        "organization": "NECTI",
        "organizationalRole": "Developer",
        "created": "2020-01-29T05:20:00.045Z",
        "emailVerified": null,
        "oldHashAlgorithm": false,
        "validationMessages": null,
        "password": "",
        "permissions": "superadmin, edit-ui-menus, edit-ui-pages, edit-ui-settings, user",
        "locale": "",
        "name": "Dinesh",
        "id": 1,
        "disabled": false,
        "homeUrl": "/ui/administration/home",
        "timezone": "",
        "systemTimezone": "GMT",
        "muted": true,
        "admin": true,
        "receiveOwnAuditEvents": false,
        "systemLocale": "en-US",
        "passwordLocked": false,
        "phone": "",
        "receiveAlarmEmails": "IGNORE",
        "data": null
        }
        

        Thanks and Regards
        Shubham Rajvanshi

        • MattFox

          So in a nutshell... you want to use a third party application to talk to mango via the API...
          But you can't get something to work?

          I cannot see what you're trying to ask.

          Fox

          Do not follow where the path may lead; go instead where there is no path.
          And leave a trail - Muriel Strode

          • shubham

            Hi Fox,

            What we are trying to do is to implement an autologin to Mango. The Mango UI in this case would be called from inside our parent application.

            I believe one of the ways to achieve this is through generation of an XSRF token and logging in using this token.

            I am hoping that having this token stored as a session cookie would let me login to the Mango UI application without prompting for username and password.

            • CraigWeb

              Hi Shubham

              I received a 200 response from this command. The token was copied from https://www.uuidgenerator.net/version4

              # The same token value is sent in both the X-XSRF-TOKEN header and the XSRF-TOKEN cookie.
              curl --location --request POST 'http://localhost:8080/rest/v2/login' \
              --header 'Accept: application/json' \
              --header 'X-XSRF-TOKEN: 8c46bb86-5d56-4738-8de3-3864ec65a0a5' \
              --header 'Content-Type: application/json' \
              --header 'Cookie: XSRF-TOKEN=8c46bb86-5d56-4738-8de3-3864ec65a0a5' \
              --data-raw '{
                  "username": "admin",
                  "password": "admin"
              }'
              
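A model of the double-submit check that the two curl requests in this thread exercise, as an added example that is not part of the original posts and is not Mango's own code. It assumes the login endpoint accepts a request only when the X-XSRF-TOKEN header equals the XSRF-TOKEN cookie and the body parses according to the declared Content-Type; the function names and the placeholder credentials are constructed for illustration.

```python
import hmac
import json
import uuid
from http.cookies import SimpleCookie

def parse_header_args(header_args):
    """Map curl -H arguments to {name: value}; an argument with no ':' is not a header field."""
    headers = {}
    for arg in header_args:
        name, sep, value = arg.partition(":")
        if sep:  # "X-XSRF-TOKEN=..." has no colon, so no header of that name exists
            headers[name.strip().lower()] = value.strip()
    return headers

def login_request_problems(header_args, body):
    """Return the reasons the modelled check rejects a request ([] means accepted)."""
    headers = parse_header_args(header_args)
    cookies = SimpleCookie(headers.get("cookie", ""))
    header_token = headers.get("x-xsrf-token")
    cookie_token = cookies["XSRF-TOKEN"].value if "XSRF-TOKEN" in cookies else None
    problems = []
    if not header_token:
        problems.append("no X-XSRF-TOKEN header")
    if not cookie_token:
        problems.append("no XSRF-TOKEN cookie")
    if header_token and cookie_token and not hmac.compare_digest(
            header_token.encode(), cookie_token.encode()):
        problems.append("header and cookie tokens differ")
    if headers.get("content-type", "").startswith("application/json"):
        try:
            json.loads(body)
        except ValueError:
            problems.append("body is not JSON")
    return problems

def build_login_headers():
    """Generate a random version-4 UUID locally and send it in both places."""
    token = str(uuid.uuid4())
    return ["Accept: application/json", "Content-Type: application/json",
            f"X-XSRF-TOKEN: {token}", f"Cookie: XSRF-TOKEN={token}"]

# Header arguments as posted in the first attempt; credentials are constructed placeholders.
FIRST_ATTEMPT = (["Accept:application/json; charset=UTF-8",
                  "Content-Type:application/json; charset=UTF-8",
                  "X-XSRF-TOKEN=631baff8-d352-47f1-9421-425732ab7e33"],
                 "username=EXAMPLE_USER&password=EXAMPLE_PASS")
JSON_BODY = json.dumps({"username": "EXAMPLE_USER", "password": "EXAMPLE_PASS"})
```

Calling `login_request_problems(*FIRST_ATTEMPT)` lists what the first request lacks, while `login_request_problems(build_login_headers(), JSON_BODY)` returns an empty list for a request shaped like the one that returned 200.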
              • MattFox

                Thanks Craig, so as can be seen @shubham, a cookie is in fact generated and part of the header payload.
