Rocket.chat: Permission users-generate-access-token not working

Created on 24 Sep 2019  路  6Comments  路  Source: RocketChat/Rocket.Chat

I'm trying to generate a user access token using this API endpoint:

/api/v1/users.createToken

My headers for X-Auth-Token and X-User-Id is correctly set, I can perform other actions such as registering users etc. I have the Admin role and the Admin role has the users-generate-access-token permission.

However it returns this error message:

{ "success": false, "error": "Not authorized [error-not-authorized]", "errorType": "error-not-authorized" }

I've tried creating a new role and giving it the users-generate-access-token permission and then assigning that role to my account but still the same issue. Is there some other permission or settings that would prevent this from working?

api rest stale
Source
picture daniel-van-niekerk

Most helpful comment

this worked for us:

  1. Put CREATE_TOKENS_FOR_USERS=true in /lib/systemd/system/rocketchat.service
    (/etc/environment does not take effect)
  2. Reboot the OS
    (just restarting the node process it does not take effect)
picture justinscottroman on 14 Apr 2020
👍2

All 6 comments

Hi @daniel-van-niekerk, What version of the server you are running? If it is the latest v2.1.0, we added a ENV VAR on that endpoint, that means you won't be able to create tokens without this ENV VAR defined.
Please take a look on: https://github.com/RocketChat/Rocket.Chat/pull/15334

MarcosSpessatto picture MarcosSpessatto on 24 Sep 2019

@daniel-van-niekerk I corrected it by following this direction and changed the ENV VAR: https://rocket.chat/docs/installation/manual-installation/ubuntu/snaps/#how-do-i-change-other-environmental-variables-in-my-snap

Thank you @MarcosSpessatto for pointing me in the right direction!

johannel00 picture johannel00 on 6 Nov 2019
👍1

This is actually quite a big breaking change for us at Claromentis, as we depend on this endpoint to log in RocketChat users that are synchronised with our platform. The documentation does not make it clear that the value of the environment variable needs to be set to exactly yes or true.

This can be seen in the code of the merge request you linked, @MarcosSpessatto:

Please document this more clearly here:

And please make that error message a little clearer as to what the problem is. "Not authorized [error-not-authorized]" wasn't very helpful. :slightly_smiling_face:

It's also quite astonishing to see that the end to end tests for the endpoint were completely removed in this #15334 change, instead of testing that they behave correctly with and without the environment variable defined.

On top of this, it's listed as a bug fix in the 2.1.0 change log instead of a breaking change:

hexus picture hexus on 23 Mar 2020
👍2

@MarcosSpessatto and @sampaiodiego, would either of you care to comment on this?

hexus picture hexus on 26 Mar 2020

this worked for us:

  1. Put CREATE_TOKENS_FOR_USERS=true in /lib/systemd/system/rocketchat.service
    (/etc/environment does not take effect)
  2. Reboot the OS
    (just restarting the node process it does not take effect)
justinscottroman picture justinscottroman on 14 Apr 2020
👍2

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] picture github-actions[bot] on 24 Jul 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

amayer5125 picture amayer5125  路  3Comments
engelgabriel picture engelgabriel  路  3Comments
antn89 picture antn89  路  3Comments
Buzzele picture Buzzele  路  3Comments
mddvul22 picture mddvul22  路  3Comments