Vikunja API and Cloudron
-
I'd like to utilize the Vikunja API. However, it looks like all of the requests require JWT-Auth with the exception of calDAV requests. If I'm reading the API docs correctly then this would require Open ID Connect to utilize the API.
Has anyone here been able to set this up? I believe Vikunja user management is currently handled by the app and it looks like we can configure Open ID in the config.yml — I assume changes made here would persist through upgrades?
I found this forum topic on using Kopano Meet as an OIDC provider. This looks promising. Is anyone else using an app that is dedicated to authentication like Authelia or Keycloak on Cloudron?
Lastly, would doing something like this require changing the CSP headers? This is where I start to get lost.
Thanks in advance for any input!
-
@colonelpanic I think you have to call https://try.vikunja.io/api/v1/docs#tag/user/paths/~1login/post which will give you the JWT token that you can use in the Authentication header for future requests.
-
@colonelpanic said in Vikunja API and Cloudron:
Lastly, would doing something like this require changing the CSP headers? This is where I start to get lost.
You can override the CSP from the Cloudron dashboard - https://docs.cloudron.io/apps/#custom-csp .
-
@girish - Oh geez. I feel like an idiot for missing that. Thanks for pointing it out! Now I just need to figure out the one time password portion. Thanks!
Also, in regards to CSP. I know they can be edited there, I was just not sure if it would be necessary to add something if using OIDC. It is now irrelevant with the info you provided.
Thanks again!
-
@colonelpanic said in Vikunja API and Cloudron:
Now I just need to figure out the one time password portion
I think that's only if you have some TOTP configured?
-
@colonelpanic said in Vikunja API and Cloudron:
if it would be necessary to add something if using OIDC
No, generally this is not necessary. CSPs would need to be adapted if (maybe abstract example) you embed one app into another. But for oidc you usually redirect to another domain/service.
-
@girish, I am using a OTP with Vikunja—but I opted to create a new user and share only the lists I want to automate with that user. I think I'm good to go for now.
@fbartels, thanks for confirming! I have more questions regarding CSP, but I'll try to do some research on my own and start a new topic in the correct category if needed.
-
Hi! (Vikunja dev here)
As @girish correctly pointed out, you don't need to enable openid to use the api. In fact, when you're using the Vikunja Frontend or Desktop app it already uses the api. The login endpoint is your way to go to get the api token.
I hope to build "classic" api tokens in the future you may know from other websites (like github) where you can create a long-lived token in the user settings and use it without a login.
