We have a requirement to login user(actually first user > server:admin) to speckle server on our .net Core Server. We are dockerizing our server and was hoping to read admin credentials from environment file and login(first login)/register to speckle server while we are initializing our .net core server.
Is there a way to do that with some endpoint like in the v1(UserLoginAsync)?
Iāll ask a bit of an extra question: why do you need to programatically login? Is it to create an access token, or start scaffolding extra info?
In v2, you cannot simply āloginā - you (as a speckle app) need to request authorisation from the user to act on his behalf, and then youāll get a token. Thereās a difference as well between first party apps (pre-registered) and third-part apps (dynamically registered) - the scopes that are available to them are different (less in the case of the latter).
I suspect, (pending your answer of course - it might change things completely!) that this is pretty much backend-to-backend communication. If thatās the case, the simplest way might be to write some post-install scripts on your speckle server deployment to do what is needed (e.g., pre-register your server as an app, or even insert users, tokens, etc. in the databaseā¦).
We need programmatically login to be able to subscribe specific streams. If our server down and up we have to subscribe streams again. Since we do not have any Account to initialize speckle gql client at this point, we wanted to use admin credentials to do that.
I have a question regarding implementation of pre-registered apps. Is that something like speckle main app(frontend) or GQL explorer?
If your server is down, or donāt want to rely on webhooks either, you could even just poll every minute or five or xxx the activity stream of the streams youāre interested in.
Thank you for the information! Unfortunetaly, webhooks does not help us also, because we are doing changes in some streams when we notified by subscription or webhooks. We do not need the register webhook again on restart which solves issue on startup. However, we will need the Account when we notified by webhook/subscription to do changes on streams.
Okay, hereās what you need to do then - of the top of my head:
pre-register your server application on the speckle server (make sure youāre setting scopes to āallā if the intention is for full access). You can do so by by modifying this file: speckle-server/defaultApps.js at main Ā· specklesystems/speckle-server Ā· GitHub
Alternatively, this can be done with a script that just inserts the correct data in the database, so you donāt need to modify the source. Youāll need to run this script post-install, so it does mean some changes in the docker file.
register your first user via the standard auth flow:
youāll need to send a post request to /auth/register; you will get an access code. Include your appId and a randomly generated challenge.
exchange the access code for a token and refresh token via /auth/token, including your appId, appSecret and the challenge from the previous step.
profit! you now have an admin level api token
This sounds all quite confusing - i know! To help understand the flow, you can have a look at the handshakes that the frontend application is going through with the server, as itās the same flow.
Mind you, I havenāt followed this along myself, so if I have time iāll see if I can cook something up if you donāt manage to get it working!
Hello Dimitrie,
I work in the same team as Baris and I tried your solution. The link āhttp://localhost/auth/registerā doesnt seem to work for me. This gets me an error: āCannot POST /auth/registerā. Instead I tried using /authn/register which seems to work but than I get an 405 error. I sent the request using Postman as a POST-Request with Headers: Content-Type: application/json and Body: appId: ā{myAppId}ā challenge: ārandomChallengeā appSecret: ā{myAppSecret}ā. This Postrequest returns a 405 response. The App and its AppId and AppSecret is registered in my DB under server_apps. Do you have an idea why Iām not allowed to post to this url? Thanks in advance
Hey! Gotcha - itās an easy fix. Those are frontend routes. The API is at server_url/auth/register - thatās where you need to send your POST requests.
Thankfully I double checked. Theyāre actually at:
We know this is bad, and itās within our roadmap (maybe @cristi will flag an issue if this is not flagged already) we want to move all api routes to a slash api prefix.
Hello, first of all thank you for the quick replies. But this one gets me a little bit confused. Sending a request to this route always gets me an āInvalid request: no challenge detected.ā error, even though the challenge is in the request body. I also made sure there is no typo. And looking at the code, it seems like this endpoint also expects the request to have an user and a password for registration. The route that Iām using is āhttp://localhost:80/auth/local/registerā. I think that I am really close now, just missing a little bit
Hello izzy that seems to work so far. I can register new users through this route. The users are added to the database and I can see them. The only problem remaining is, that I dont get an accessCode in the response after registering or logging in. Instead I just get a new error message saying: " Weāre sorry but Speckle doesnāt work properly without JavaScript enabled. Please enable it to continue." Here is a screenshot of postman.
if you look down a bit further form the snippet I linked, you can see the access code will actually be in the redirect URL
you wonāt get it in the preview in postman which will just be a webpage. not sure where you look in postman to find the redirect url (I donāt use postman very much tbh), but i know you can just turn off the auto redirect like this (second option in the settings toggled off):
Ok, so weāre getting there! I got my accessCode and now Iām only missing the token. I tried the same code you wrote in your github seeder but I still get an 401 error saying āInvalid request: application id does not match.ā I also get the same error when using postman. Here is a screenshot:
@Mark_Eskander, I iām wrong in my answer there, register routes donāt need appids. @mgerhardt i think your request borks as youāre using the wrong encoding (form encoding). Havenāt used postman in ages, but if I recall correctly, you need to use ārawā and paste in a json formatted string.
If you give me some time, Iāll try and write a quick .net console app that goes through the motions.
Hey izzy, do you maybe have an idea why I get an accessToken with appId and appSecret set to āspklwebappā like you did in your seeder but not with my custom id and secret? Maybe I have to configure something in my database that I have missed to make this work?