SignalK Authentication #3807
Yes, looks like a good cross platform library. My Windows knowledge is a tad out of date, I'd forgotten about Credential Vault, which is probably better suited to this purpose. Can't comment on the other platforms. However I don't understand the benefit of using an Authorization token.
Benefit seems pretty clear to me:
Or did I misunderstand what you don't understand?
We have added signalK tracking in the NMEA Debug window.
If the token has been incorrectly entered or the token has expired or been revoked, the NMEA Debug Window is empty. The user may not know why they are not receiving data, perhaps thinking it is a communications or SignalK error. I don't think the logon error that SignalK returns (IIRC something like "statusCode":401) is displayed or logged by OpenCPN.
If the SignalK Server admin has disabled read only access, OpenCPN in its default configuration does not receive delta updates, as expected. However there is no visual indication other than the GPS satellite icon and nothing in the log that indicates that no data is received.
I expect O receives the SignalK Server announcement, which I presume it takes to mean everything is OK.
Authorization Token.
a. Do we really expect users to run signalk-generate-token ?
b. Currently it does not seem to be persisted, nor retrieved from the configuration file. We can agree to disagree on the merits of storing a token that grants access to a remote device in clear text as discussed. On Windows, in general you would use the Data Protection API (DPAPI) to securely store secrets. I'm not familiar with the corresponding APIs on Mac or Linux. Mentioned towards the end of #3757
c. If an invalid or expired token is used, there is no indication of the authentication failure and no entry in the log. An invalid token will cause SignalK to respond with an HTTP 401 response upon the initial attempt to connect the web socket.
At least the good news is that the authorization token works, so clearly O is setting the RequestHeader correctly.
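An added example, not part of the issue and not OpenCPN code: one way a client could turn the HTTP reply to the WebSocket upgrade request into a log or debug-window message, so a 401 is reported as a token problem rather than silence, while masking the token in any request header logged alongside it. The names `ClassifyHandshake` and `RedactAuthorization` are hypothetical, and the `Authorization: <scheme> <token>` header layout is an assumption.

```cpp
#include <cctype>
#include <sstream>
#include <string>

// Outcome of the HTTP exchange that precedes the WebSocket upgrade.
enum class Handshake { Upgraded, AuthFailed, OtherError, Malformed };

struct HandshakeStatus {
    Handshake result;
    int http_code;        // 0 when the status line could not be parsed
    std::string message;  // text for the log / debug window
};

// Classify the server's raw reply to the upgrade request.
HandshakeStatus ClassifyHandshake(const std::string& response) {
    std::istringstream in(response);
    std::string version;
    int code = 0;
    // Status line looks like "HTTP/1.1 401 Unauthorized".
    if (!(in >> version >> code) || version.rfind("HTTP/", 0) != 0 ||
        code < 100 || code > 599)
        return {Handshake::Malformed, 0, "SignalK: unparseable handshake reply"};
    if (code == 101)
        return {Handshake::Upgraded, code, "SignalK: WebSocket connected"};
    if (code == 401)
        return {Handshake::AuthFailed, code,
                "SignalK: HTTP 401, token rejected (invalid, expired or revoked)"};
    return {Handshake::OtherError, code,
            "SignalK: handshake failed, HTTP " + std::to_string(code)};
}

// Mask the credential in an "Authorization: <scheme> <token>" header line
// (assumed layout) so the request can be logged without exposing the token.
std::string RedactAuthorization(const std::string& line) {
    const std::string name = "authorization:";
    if (line.size() < name.size()) return line;
    for (std::size_t i = 0; i < name.size(); ++i)
        if (std::tolower(static_cast<unsigned char>(line[i])) != name[i])
            return line;  // some other header: leave untouched
    std::size_t value = line.find_first_not_of(' ', name.size());
    if (value == std::string::npos) return line;
    std::size_t sep = line.find(' ', value);
    // Without a scheme word the whole value is the secret.
    std::size_t keep = (sep == std::string::npos) ? value : sep + 1;
    return line.substr(0, keep) + "<redacted>";
}
```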