HTTP Basic Auth Expired Credentials #505

Open
andymarden opened this issue Oct 1, 2024 · 1 comment

andymarden commented Oct 1, 2024

I am using Authentik to provide HTTP Basic Auth to Timetagger. I have set up a proxy provider in Authentik which takes the username and password and passes them in X-Authentik-Username and X-Authentik-Password respectively (the default).

Timetagger gives me: unauthorized: The webtoken has expired (after 14 days)

My docker compose has this in it:

      - TIMETAGGER_BIND=0.0.0.0:80
      - TIMETAGGER_DATADIR=/root/_timetagger
      - TIMETAGGER_LOG_LEVEL=info
      - TIMETAGGER_PROXY_AUTH_ENABLED=True
      - TIMETAGGER_PROXY_AUTH_TRUSTED=192.168.0.180
      - TIMETAGGER_PROXY_AUTH_HEADER=X-Authentik-Username

What could be the issue here? Could it be that the error is misleading and actually null is being passed for the username? Authentik and Timetagger are both running as docker containers on the same host (192.168.0.180) - is that the issue - should I use the docker internal IP address? Could it be that I used to run with fixed users in the docker compose? Am I supposed to generate a token in some way and pass that in?

It is getting through nginx as the reverse proxy which proxy passes to authentik which then forwards to timetagger internally. Authentik is set to pass username and password in the Proxy config in Authentik.

Unhelpfully, there is nothing at all in the docker log for the timetagger container.

Any ideas?

@almarklein
Owner

I have never tried a setup like this myself; this was all contributed by others. You can have a look at the __main__.py to see what the server does.

If the web app gives unauthorized that's a signal that the authentication indeed does not work; it has not been able to refresh the webtoken with your authentication method.

One thing that looks odd, should the - TIMETAGGER_PROXY_AUTH_HEADER=X-Authentik-Username not be X-Authentik?
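
An illustration of the kind of check a trusted-proxy header login performs, added here as an example; it is not TimeTagger's code and not part of either comment above. It assumes the server compares the TCP peer address with the trusted list and then reads the user name from the configured header; `check_proxy_auth`, the sample addresses and the user name are constructed.

```python
from ipaddress import ip_address, ip_network

# Constructed environment mirroring the compose snippet in the issue.
ENV = {
    "TIMETAGGER_PROXY_AUTH_ENABLED": "True",
    "TIMETAGGER_PROXY_AUTH_TRUSTED": "192.168.0.180",
    "TIMETAGGER_PROXY_AUTH_HEADER": "X-Authentik-Username",
}


def check_proxy_auth(peer_ip, headers, env=ENV):
    """Return (ok, detail) for one request. Hypothetical helper, not TimeTagger code."""
    enabled = env.get("TIMETAGGER_PROXY_AUTH_ENABLED", "").lower()
    if enabled not in ("1", "true", "yes"):
        return False, "proxy auth disabled"
    # Assumption: the trusted setting is a comma-separated list of IPs or CIDR ranges.
    raw = env.get("TIMETAGGER_PROXY_AUTH_TRUSTED", "")
    trusted = [ip_network(t.strip(), strict=False) for t in raw.split(",") if t.strip()]
    # The peer is the TCP source address the app sees, i.e. the last hop,
    # not the address the browser connected to.
    if not any(ip_address(peer_ip) in net for net in trusted):
        return False, f"peer {peer_ip} is not a trusted proxy"
    # HTTP header names are case-insensitive, so compare in lower case.
    wanted = env.get("TIMETAGGER_PROXY_AUTH_HEADER", "").lower()
    lowered = {k.lower(): v for k, v in headers.items()}
    user = lowered.get(wanted, "").strip()
    if not user:
        return False, f"header {wanted!r} missing or empty"
    return True, user


# Constructed requests: (peer address as seen by the app, request headers).
CASES = [
    ("192.168.0.180", {"X-Authentik-Username": "andy"}),
    ("172.18.0.5", {"X-Authentik-Username": "andy"}),  # a container-network address
    ("192.168.0.180", {"X-Authentik": "andy"}),        # different header name
    ("192.168.0.180", {"x-authentik-username": "  "}),  # header present but blank
]

if __name__ == "__main__":
    for peer, hdrs in CASES:
        print(peer, hdrs, "->", check_proxy_auth(peer, hdrs))
```

Logging the peer address and the received header names on the application side shows which of these branches a real request takes.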
