Please Note This forum exists for community support for the Mango product family and the Radix IoT Platform. Although Radix IoT employees participate in this forum from time to time, there is no guarantee of a response to anything posted here, nor can Radix IoT, LLC guarantee the accuracy of any information expressed or conveyed. Specific project questions from customers with active support contracts are asked to send requests to support@radixiot.com.

Radix IoT Website Mango 3 Documentation Website Mango 4 Documentation Website

Problems using the new v3 authentication

Dashboard Designer & Custom AngularJS Pages
Log in to reply
  • H

    I'm trying to implement the new login as described in https://help.infiniteautomation.com/mango-rest-api-authentication/ but I keep getting a response of 401 Unauthorized. admin/admin is a valid login at the address provided in CURLOPT_URL, and $_SESSION['token'] is set. This is in PHP, using Mango v3.0.2, Windows 8, Chrome 57

    $token = $_SESSION['token'];

$authentication = array();
$authentication['username'] = 'admin';
$authentication['password'] = 'admin';

$curl = curl_init();
$headers = array(
	'Accept: application/json',
	'logout: true',
	'Cookie:XSRF-TOKEN='.$token,
	'X-XSRF-TOKEN:'.$token
);
curl_setopt_array($curl, array(
	CURLOPT_RETURNTRANSFER => TRUE,
	CURLOPT_VERBOSE => TRUE,
	CURLOPT_HEADER => TRUE,
	CURLOPT_HTTPHEADER => $headers,
	CURLOPT_POST => TRUE,
	CURLOPT_POSTFIELDS => json_encode($authentication),
	CURLOPT_URL => 'http://<ip_address>:8080/rest/v2/login/'
));
$response = curl_exec($curl);
    0
  • Jared Wiltshire

    So $token contains some pre-generated random token?

    I would try and remove the logout header for starters. You may also need the content type header.

    H 2 Replies 0
  • Jared Wiltshire

    PS here is a demo client for Node.js you might want to look at -
    https://github.com/infiniteautomation/node-mango-client

    Its written for Mango v3.

    0
  • H

    @Jared-Wiltshire adding 'Content-Type:application/json;charset=UTF-8' and removing 'logout: true' doesn't change the response.

    $token is generated via:

    $_SESSION['token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM)); if mcrypt_create_iv exists, or

    $_SESSION['token'] = bin2hex(openssl_random_pseudo_bytes(32)); if it doesn't,

    so yes, it contains a pre-generated random token.

    H 1 Reply 0
  • H

    This post is deleted!
    0
  • H

    I got it to work with the following code:

    $token = $_SESSION['token'];

$authentication = '{"username":"admin","password":"admin"}';

$curl = curl_init();
$headers = array(
	'Accept: application/json',
	'Content-Type: application/json;charset=UTF-8',
	'Connection: keep-alive',
	'Cache-Control: no-cache',
	'logout: true',
	'Cookie:XSRF-TOKEN='.$token,
	'X-XSRF-TOKEN:'.$token
);
curl_setopt_array($curl, array(
	CURLOPT_RETURNTRANSFER => TRUE,
	CURLOPT_VERBOSE => TRUE,
	CURLOPT_HEADER => TRUE,
	CURLOPT_HTTPHEADER => $headers,
	CURLOPT_POST => TRUE,
	CURLOPT_POSTFIELDS => $authentication,
	CURLOPT_URL => 'http://<ip_address>:8080/rest/v2/login'
));
$response = curl_exec($curl);
    0
  • phildunlap

    Thanks for sharing your resolution!

    0