SignalK Authentication #3807

Open
TwoCanPlugIn opened this issue Apr 10, 2024 · 6 comments

@TwoCanPlugIn
Contributor

  1. If the SignalK Server admin has disabled read-only access, OpenCPN in its default configuration does not receive delta updates, as expected. However, there is no visual indication other than the GPS satellite icon and nothing in the log that indicates that no data is received.
    I expect O receives the SignalK Server announcement, which I presume it takes to mean everything is OK.

  2. Authorization Token.
    a. Do we really expect users to run signalk-generate-token?

    b. Currently it does not seem to be persisted, nor retrieved from the configuration file. We can agree to disagree on the merits of storing a token that grants access to a remote device in clear text as discussed. On Windows, in general you would use the Data Protection API (DPAPI) to securely store secrets. I'm not familiar with the corresponding APIs on Mac or Linux. Mentioned towards the end of #3757

    c. If an invalid or expired token is used, there is no indication of the authentication failure and no entry in the log. An invalid token will cause SignalK to respond with an HTTP 401 response upon the initial attempt to connect the web socket.

At least the good news is that the authorization token works, so clearly O is setting the RequestHeader correctly.

@nohal
Collaborator

nohal commented Apr 10, 2024

Perhaps https://github.com/mamba-org/libcred

@TwoCanPlugIn
Contributor Author

Yes, looks like a good cross platform library. My Windows knowledge is a tad out of date, I'd forgotten about Credential Vault, which is probably better suited to this purpose. Can't comment on the other platforms.

However I don't understand the benefit of using an Authorization token.

@nohal
Collaborator

nohal commented Apr 12, 2024

Benefit seems pretty clear to me:

  • Without the token, impossible to connect to Signal K server with authentication enabled
  • With the token, possible to connect to Signal K server with authentication enabled

Or did I misunderstand what you don't understand?

@rgleason
Collaborator

I know it is in Windows 8, 10, 11 (don't remember about Win7)
Credential-Manager

@bdbcat
Member

bdbcat commented Apr 22, 2024

We have added signalK tracking in the NMEA Debug window.
Converting this issue to "Enhancement"

bdbcat added enhancement and removed bug labels Apr 22, 2024

@TwoCanPlugIn
Contributor Author

> We have added signalK tracking in the NMEA Debug window.

If the token has been incorrectly entered or the token has expired or been revoked, the NMEA Debug Window is empty.

The user may not know why they are not receiving data, perhaps thinking it is a communications or SignalK error.

I don't think the logon error that SignalK returns (IIRC something like "statusCode":401) is displayed or logged by OpenCPN.
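
One way to surface the failure this thread describes, as an added example that is not OpenCPN code: classify the server's reply to the WebSocket upgrade request so that an HTTP 401 produces a distinct log and notification message instead of an empty debug window. The type and function names are hypothetical, the sample replies are constructed, and the message text deliberately never includes the token value.

```cpp
// Added example, not OpenCPN code. All names here are hypothetical.
#include <iostream>
#include <sstream>
#include <string>

enum class HandshakeResult { Upgraded, AuthRejected, OtherFailure, Malformed };

struct HandshakeDiagnosis {
  HandshakeResult result;
  int status;           // HTTP status code, 0 if the status line was unparsable
  std::string message;  // safe to log and show: contains no token material
};

// Classify the status line of the server's reply to the WebSocket upgrade
// request, e.g. "HTTP/1.1 401 Unauthorized".
HandshakeDiagnosis ClassifyHandshake(const std::string& response) {
  // Only the first line matters; find() returning npos keeps the whole string.
  std::istringstream line(response.substr(0, response.find("\r\n")));
  std::string version;
  int status = 0;
  if (!(line >> version >> status) || version.rfind("HTTP/", 0) != 0 ||
      status < 100 || status > 599)
    return {HandshakeResult::Malformed, 0,
            "Signal K: unparsable reply to WebSocket upgrade request"};
  if (status == 101)
    return {HandshakeResult::Upgraded, status, "Signal K: WebSocket connected"};
  if (status == 401)
    return {HandshakeResult::AuthRejected, status,
            "Signal K: server returned HTTP 401; authorization token rejected "
            "(invalid, expired or revoked)"};
  return {HandshakeResult::OtherFailure, status,
          "Signal K: WebSocket upgrade failed with HTTP " +
              std::to_string(status)};
}

int main() {
  // Constructed sample replies, not captured from a real server.
  const char* samples[] = {
      "HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n\r\n",
      "HTTP/1.1 401 Unauthorized\r\nContent-Type: application/json\r\n\r\n",
      "HTTP/1.1 503 Service Unavailable\r\n\r\n", "garbage"};
  for (const char* s : samples)
    std::cout << ClassifyHandshake(s).message << "\n";
  return 0;
}
```

Treating `AuthRejected` separately from `OtherFailure` lets the client stop retrying with the same token and prompt for a new one, while ordinary connection failures keep their existing reconnect behaviour.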
