On Tue, May 10, 2022, 06:00 MAURIZI Lorenzo <[email protected]>
wrote:

> Dear all,
>
> just after solving a problem, here I am with another one!
>
>
>
> I would like to build some automated reports, for example a daily e-mail
> with the list of the connections made in the previous day.
>
> For this task, I've been thinking about using the REST API.
>
>
>
> I would be happy to share the resulting bash script if anyone is interested.
>
>
>
> In my installation the TOTP 2FA extension is active, so when sending
> username and password to /api/tokens, I obtain this JSON response:
>
>
>
> {
>    "message": "A TOTP authentication code is required before login can continue",
>    "translatableMessage":    {
>       "key": "TOTP.INFO_CODE_REQUIRED",
>       "variables": null
>    },
>    "statusCode": null,
>    "expected": [   {
>       "name": "guac-totp",
>       "type": "GUAC_TOTP_CODE"
>    }],
>    "type": "INSUFFICIENT_CREDENTIALS"
> }
>
>
>
> I tried to put a third guac-totp parameter to the /api/tokens POST data
> alongside username and  password, but without success, as it returns the
> same message.
>
>
>
> Which is the correct way to handle API authentication when using the TOTP
> extension?
>

That is the correct way to handle the request. In addition to the correct
username and password, include the current, correct TOTP code for that user
as the "guac-totp" parameter.

You can see this happen in practice if you open up dev tools in your
browser, log in with your own user account, and observe the contents of the
successful POST to /api/tokens.

- Mike
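
As an added example (not part of the original thread, and not code from the Guacamole project), the request described in the reply above can be built in Python: it derives the current RFC 6238 code from the user's base32 TOTP secret and sends it as "guac-totp" alongside username and password. It assumes the TOTP extension is configured for SHA-1, 6 digits and a 30-second period; the function names and environment variable names are hypothetical.

```python
import base64, hashlib, hmac, json, struct, time
import urllib.parse, urllib.request


def totp(secret_b32, now=None, digits=6, period=30):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32-encoded secret."""
    # Assumption: the server uses SHA-1, 6 digits and a 30 s period.
    padded = secret_b32.upper().replace(" ", "")
    padded += "=" * (-len(padded) % 8)
    key = base64.b32decode(padded)
    counter = int(time.time() if now is None else now) // period
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def token_request_body(username, password, secret_b32, now=None):
    """Form-encoded body for POST /api/tokens with all three parameters."""
    return urllib.parse.urlencode({
        "username": username,
        "password": password,
        "guac-totp": totp(secret_b32, now),
    }).encode()


def request_token(base_url, username, password, secret_b32):
    """POST to /api/tokens and return the parsed JSON response."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/tokens",
        data=token_request_body(username, password, secret_b32),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    import os
    # Hypothetical variable names; the secret stays out of the script itself.
    reply = request_token(os.environ["GUAC_URL"], os.environ["GUAC_USER"],
                          os.environ["GUAC_PASS"], os.environ["GUAC_TOTP_SECRET"])
    print(sorted(reply))  # field names of the JSON reply
```

A code computed more than one period before the request is sent is rejected, so the host running the report needs a clock synchronized with the Guacamole server.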
