On Wed, Aug 14, 2019 at 05:19 Lukas Krempler <l.kremp...@gmail.com> wrote:
> > Hey Nick! > > Thanks for that input. I couldn't find any documentation about the Web > API. :/ > Yes, there is an open issue out there for documenting the API. There isn't much on our right now - you can either watch the Network tab in the browser developer console to see the calls, or you can look through the Java and Javascript code. > So is it correct, there is no way to login with the Web API with TOTP? > I believe you should be able to log in to the web API with TOTP - the AngularJS application uses the API to do this and it works fine. You'll just have to figure out what API calls need to be made and use then in the code/script you're writing. That the user can read the active session, he must have admin privileges. > But if the user had admin rights, there is no way to disable the 2FA > authentication. > Right now users can see their own active sessions, and some limited information about other active sessions (no username), but, yes, you have to have administrative privileges in Guacamole to see all the information about all active sessions. -Nick >
