On Wed, Aug 14, 2019 at 05:19 Lukas Krempler <l.kremp...@gmail.com> wrote:

> Hey Nick!
> Thanks for that input. I couldn't find any documentation about the Web
> API. :/

Yes, there is an open issue out there for documenting the API.  There isn't
much on our right now - you can either watch the Network tab in the browser
developer console to see the calls, or you can look through the Java and
Javascript code.

> So is it correct, there is no way to login with the Web API with TOTP?

I believe you should be able to log in to the web API with TOTP - the
AngularJS application uses the API to do this and it works fine.  You'll
just have to figure out what API calls need to be made and use then in the
code/script you're writing.

That the user can read the active session, he must have admin privileges.
> But if the user had admin rights, there is no way to disable the 2FA
> authentication.

Right now users can see their own active sessions, and some limited
information about other active sessions (no username), but, yes, you have
to have administrative privileges in Guacamole to see all the information
about all active sessions.



Reply via email to