File: apidocs/overview.md
All the API docs are okay at explaining the API methods and actions, but nowhere do they explain how to authenticate. Do users have tokens? Is there an auth method?
I've updated the title of this issue to make it more obvious.
It seems that right now DTR doesn't have an authentication endpoint, but you can authenticate your requests using basic authentication. Here's an example:
curl -k --user <username>:<password> <dtr-url>/api/v0/meta/settings
You have to use the following APIs for login:
GET https://172.17.0.1/api/v0/openid/begin
This API will create a cookie, i.e. csrf_redirect_state_key, and give you the authorization URL.
POST https://172.17.0.1:444/enzi/v0/id/login
Body POST data:
{"username":"admin","password":"password"}
This API will return you an authorization token; use this token as a header in the next call.
POST https://172.17.0.1:444/enzi/v0/id/authorize
POST data:
scope=openid&response_type=code&client_id=65bb15b7-c1e6-4278-801b-b3c4b7baa84e&redirect_uri=https%3A%2F%2F172.17.0.1%2Fapi%2Fv0%2Fopenid%2Fcallback&response_type=code&scope=openid&state=eyJyZWRpcmVjdE5leHQiOiIiLCJyZWRpcmVjdFVSSSI6Imh0dHBzOi8vMTcyLjE3LjAuMS9hcGkvdjAvb3BlbmlkL2NhbGxiYWNrIn0.3pQ05IN7_dRW_fNXi19m7k-vDbBZz8K_xwbriNrasD8
The client_id was already obtained from the /api/v0/openid/begin API call header; you have to use it in the body of the above call.
This call will return you another openid callback API link.
Hit the openid callback URL that was returned, after removing some values,
e.g GET https://172.17.0.1/api/v0/openid/callback?code=f45dbf0b-aaa3-4fd3-a94a-48ccc3a6c59b&state=eyJyZWRpcmVjdE5leHQiOiIiLCJyZWRpcmVjdFVSSSI6Imh0dHBzOi8vMTcyLjE3LjAuMS9hcGkvdjAvb3BlbmlkL2NhbGxiYWNrIn0.3pQ05IN7_dRW_fNXi19m7k-vDbBZz8K_xwbriNrasD8
This call will create two more cookie values, like:
Set-Cookie: session=c87ef519-d654-4c16-8f15-2dcfa92c2b94; Path=/; Expires=Sat, 16 Apr 2022 13:48:05 GMT; HttpOnly; Secure
Set-Cookie: csrftoken=75bc475b-38a2-4785-8b62-ae2f0ca69dd3; Path=/; Expires=Sat, 16 Apr 2022 13:48:05 GMT; Secure
Now you can use any call by adding X-Csrf-Token in the header by using csrftoken.
If you are still unable to log in, I can provide you my JMeter .jmx files; you can message me.
@akbar-10p thanks for posting this info! I'm not sure that authentication method is officially supported and will continue working in the future, so if you're looking at this issue for the DockerCon hackathon, document how to authenticate to DTR using basic authentication instead of this openid handshake.
@joaofnfernandes, yes, it is the basic authentication method used by DTR.
You will be able to log in by using only the login call, but it won't create the required cookies.
So this method is correct as far as my research goes.
Sorry for being ambiguous. What I'm saying is that you should use HTTP basic authentication (pass the user/pass on all HTTP requests), like:
curl -k --user <username>:<password> <dtr-url>/api/v0/meta/settings
curl -X GET \
https://<dtr-url>/api/v0/openid/begin \
-H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
-H 'accept-encoding: gzip, deflate, br' \
-H 'content-type: application/json' \
-H 'host:
-H 'upgrade-insecure-requests: 1'
curl -X POST \
https://<dtr-url>:444/enzi/v0/id/login \
-H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
-H 'accept-encoding: gzip, deflate, br' \
-H 'content-type: application/json' \
-H 'upgrade-insecure-requests: 1' \
-d '{"username":"admin","password":"password"}'
curl -X POST \
https://<dtr-url>:444/enzi/v0/id/authorize \
-H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
-H 'accept-encoding: gzip, deflate, br' \
-H 'authorization: SessionToken <From Login call>' \
-d ' scope=openid&response_type=code&
curl -X GET \
'https://<dtr-url>/api/v0/openid/callback?code=<code from the above call returned>&state=<state from the above call returned>' \
-H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
-H 'accept-encoding: gzip, deflate, br' \
-H 'authorization: SessionToken <From Login call>' \
-H 'content-type: application/json'
curl -X GET \
https://<dtr-url>/api/v0/meta/features \
-H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
-H 'accept-encoding: gzip, deflate, br' \
-H 'content-type: application/json' \
-H 'upgrade-insecure-requests: 1' \
-H 'x-csrf-token:
I've filed a PR upstream so that this information gets included directly in the product. As mentioned previously, you should use HTTP basic auth for authentication.
curl -ks --user <username>:<password> <dtr-url>/api/v0/repositories
Which returns something like
{
"repositories": [
{
"id": "c9f92841-15b2-42a5-9e3b-ff79356bc537",
"namespace": "alpha",
"namespaceType": "organization",
"name": "nginx",
"shortDescription": "",
"visibility": "public",
"scanOnPush": false,
"immutableTags": false,
"enableManifestLists": false,
"pulls": 0,
"pushes": 0
}
]
}
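The two ways of authenticating a request that this thread discusses, as an added example (not code from the thread or from DTR): it builds the basic-auth header recommended above, and turns the `Set-Cookie` lines from the openid callback step into the `Cookie` and `X-Csrf-Token` headers for later calls. The function names and the sample cookie values are assumptions made for illustration.

```python
import base64
from http.cookies import SimpleCookie

# Constructed sample with the same shape as the callback response in the
# thread; the values are made up, not taken from a real session.
SAMPLE_SET_COOKIE = [
    "session=11111111-2222-3333-4444-555555555555; Path=/; HttpOnly; Secure",
    "csrftoken=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee; Path=/; Secure",
]

def parse_set_cookie(lines):
    """Return {name: {"value", "httponly", "secure"}} for each Set-Cookie line."""
    out = {}
    for line in lines:
        jar = SimpleCookie()
        jar.load(line)
        for name, morsel in jar.items():
            out[name] = {
                "value": morsel.value,
                "httponly": bool(morsel["httponly"]),
                "secure": bool(morsel["secure"]),
            }
    return out

def session_headers(lines):
    """Headers for a later API call that reuses the cookie session."""
    cookies = parse_set_cookie(lines)
    missing = {"session", "csrftoken"} - cookies.keys()
    if missing:
        raise ValueError(f"handshake incomplete, missing cookies: {sorted(missing)}")
    # csrftoken is not HttpOnly because the client has to read it and echo it
    # back in the X-Csrf-Token header; the session cookie stays HttpOnly.
    return {
        "Cookie": "; ".join(f"{n}={cookies[n]['value']}" for n in ("session", "csrftoken")),
        "X-Csrf-Token": cookies["csrftoken"]["value"],
    }

def basic_auth_headers(username, password):
    """Authorization header equivalent to `curl --user <username>:<password>`."""
    if ":" in username:
        raise ValueError("username must not contain ':' (RFC 7617)")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return {"Authorization": f"Basic {token}"}
```

Both sets of headers carry a reusable credential, so send them only over TLS with certificate verification enabled; the `-k` flag in the curl examples turns that verification off.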