Add token support

[skyfore]

Is your feature request related to a problem? Please describe.

No

Describe the solution you'd like

By adding token support, we are able to retrieve information, such as lists of websites, using tokens through API requests.

[tilalx]

Hi,
couldn`t you not just request

curl 'http://localhost:81/api/tokens' \
  -H 'Content-Type: application/json; charset=UTF-8' \
  --data-raw '{"identity":"[Your Email]","secret":"[Your Secret]"}' \
  --compressed

returns

{
    "token": "[Your Token]",
    "expires": "2024-01-11T18:13:18.525Z"
}

then you can get all websites for example via:

curl -X GET 'http://localhost:81/api/nginx/proxy-hosts' \
     -H 'Authorization: Bearer [Your Token]' \
     -H 'Accept: application/json'

returns

[
    {
        "id": 1,
        "created_on": "2023-01-01T00:00:00.000Z",
        "modified_on": "2023-01-02T00:00:00.000Z",
        "owner_user_id": 123,
        "domain_names": [
            "example.com",
            "www.example.com"
        ],
        "forward_host": "192.0.2.1",
        "forward_port": 8080,
        "access_list_id": 0,
        "certificate_id": 1234,
        "ssl_forced": 1,
        "caching_enabled": 0,
        "block_exploits": 1,
        "advanced_config": "location ~* \\.(css|js)$ { expires 7d; ... }",
        "meta": {
            "letsencrypt_agree": false,
            "dns_challenge": false,
            "nginx_online": true,
            "nginx_err": null
        },
        "allow_websocket_upgrade": 1,
        "http2_support": 1,
        "forward_scheme": "http",
        "enabled": 1,
        "locations": [
            {
                "path": "/examplepath1",
                "advanced_config": "",
                "forward_scheme": "http",
                "forward_host": "192.0.2.2",
                "forward_port": 8081
            },
            {
                "path": "/examplepath2",
                "advanced_config": "",
                "forward_scheme": "http",
                "forward_host": "192.0.2.3",
                "forward_port": 8082
            }
        ],
        "hsts_enabled": 1,
        "hsts_subdomains": 1,
        "owner": {
            "id": 123,
            "created_on": "2023-01-01T00:00:00.000Z",
            "modified_on": "2023-01-02T00:00:00.000Z",
            "is_deleted": 0,
            "is_disabled": 0,
            "email": "[email protected]",
            "name": "John Doe",
            "nickname": "JDoe",
            "avatar": "//www.gravatar.com/avatar/example",
            "roles": [
                "admin"
            ]
        },
        "access_list": null,
        "certificate": {
            "id": 1234,
            "created_on": "2023-01-01T00:00:00.000Z",
            "modified_on": "2023-01-01T00:00:00.000Z",
            "owner_user_id": 123,
            "is_deleted": 0,
            "provider": "other",
            "nice_name": "*.example.com",
            "domain_names": [
                "*.example.com"
            ],
            "expires_on": "2024-01-01T23:59:59.000Z",
            "meta": {}
        }
    }
]

[skyfore]

@tilalx thanks very much, really helpful !

But this method relies on your account and password, which can sometimes be insecure.

[elchusco]

Thanks @tilalx, couldn't find any relaterd information on how to process token retrieval. Is it documented somewhere that I missed ?

[gadget78]

@tilalx thanks very much, really helpful !

But this method relies on your account and password, which can sometimes be insecure.

once you have created a token, you dont need to use the user/pass anymore.
plus you can set/increase the timeframe the token expires from the default of a day ..

curl "http://192.168.1.10:81/api/tokens" -H "Content-Type: application/json; charset=UTF-8" --data-raw '{"identity":"email@address","secret":"place-password-here","expiresIn":"1y"}

also for docs, ive been using this location, to work out what to do ..
https://github.com/NginxProxyManager/nginx-proxy-manager/tree/develop/backend/routes/api

[skyfore]

@tilalx thanks very much, really helpful !
But this method relies on your account and password, which can sometimes be insecure.

once you have created a token, you dont need to use the user/pass you can set the timeframe the token expires in ..

`curl "http://192.168.1.10:81/api/tokens" -H "Content-Type: application/json; charset=UTF-8" --data-raw '{"identity":"email@address","secret":"place-password-here","expiresIn":"1y"}'``

also for docs, ive been using this location, to work out what to do .. https://github.com/NginxProxyManager/nginx-proxy-manager/tree/develop/backend/routes/api

Thank you, this is really helpful.

[TheCuteFoxxy]

@tilalx thanks very much, really helpful !
But this method relies on your account and password, which can sometimes be insecure.

once you have created a token, you dont need to use the user/pass anymore. plus you can set/increase the timeframe the token expires from the default of a day ..

curl "http://192.168.1.10:81/api/tokens" -H "Content-Type: application/json; charset=UTF-8" --data-raw '{"identity":"email@address","secret":"place-password-here","expiresIn":"1y"}

also for docs, ive been using this location, to work out what to do .. https://github.com/NginxProxyManager/nginx-proxy-manager/tree/develop/backend/routes/api

Is the "expiresIn" actively working for you? No matter what I've tried, I cannot get it to expire any later than 1 day.

[tilalx]

Replace "expiresIn":"1y" with "expiry": "1y". When I do this, it returns the following response:
{ "token": "ey...", "expires": "2025-08-27T07:30:06.209Z" }

[moutasem1989]

Hello @tilalx ! I came across your post trying to understand JWT Authentication.

curl 'http://localhost:81/api/tokens' \
  -H 'Content-Type: application/json; charset=UTF-8' \
  --data-raw '{"identity":"[Your Email]","secret":"[Your Secret]"}' \
  --compressed

Can NPM also automatically authenticate and fetch the Token to bypass the login screen ?
I have done this successfully for services that use Basic HTTP Authentication but not the ones that use JWT Authentication like NPM itself.
My purpose is to find a workaround and authenticate in to services with Authentik and bypass log in screen.

[rahulparekh]

Replace "expiresIn":"1y" with "expiry": "1y". When I do this, it returns the following response: { "token": "ey...", "expires": "2025-08-27T07:30:06.209Z" }

For anyone reading this as of today, expiry has to be passed in as a query param instead of request body. Like this:

curl 'http://localhost:81/api/tokens?expiry=10y' \
  -H 'Content-Type: application/json; charset=UTF-8' \
  --data-raw '{"identity":"[Your Email]","secret":"[Your Secret]"}' \
  --compressed

https://github.com/NginxProxyManager/nginx-proxy-manager/blob/develop/backend/routes/tokens.js#L28

[Erreur32]

I have updated my script using http://localhost:81/api/tokens?expiry=10y, but the token still expires after one day. I also tried:

TOKEN_EXPIRY="365d"
TOKEN_EXPIRY="31536000s"
TOKEN_EXPIRY="1y"

However, it still expires after one day. Has anyone else encountered this issue @rahulparekh ?

[rahulparekh]

I have updated my script using http://localhost:81/api/tokens?expiry=10y, but the token still expires after one day. I also tried:

TOKEN_EXPIRY="365d"
TOKEN_EXPIRY="31536000s"
TOKEN_EXPIRY="1y"

However, it still expires after one day. Has anyone else encountered this issue @rahulparekh ?

Try this:

#3265 (reply in thread)