Using a token from localStorage, getting unauthorized 401 error

[jmcre...@peachtreebilling.com]

Hello all,

I am writing a chrome extension that is going to make a new user story from a specifically formatted issue. I does this by using the api to get things like the issue description, issue subject, and project id. Since the extension can only be run from an issue page while the user is already logged into Taiga, I don't want to have to make the user log back in. So I have been able to get the token out of local storage but when I try to use it it returns an unauthorized 401 error. Is there a way to accomplish the desired result? Am I missing a step? Or maybe someone knows a better way to get this functionality.

Thank you for your time,

Jared

[David Barragán]

Hi you can get the token of a user with this https://taigaio.github.io/taiga-doc/dist/api.html#auth-normal-login

And we make a chrome plugins sometime ago and maybe you can obtain some good ideas from it https://github.com/taigaio/taiga-feedback

--
Please help us keep the Taiga.io Community open and inclusive, follow our Code of Conduct:
https://github.com/taigaio/code-of-conduct/blob/master/CODE_OF_CONDUCT.md
---
You received this message because you are subscribed to the Google Groups "taigaio" group.
To unsubscribe from this group and stop receiving emails from it, send an email to taigaio+u...@googlegroups.com.
To post to this group, send email to tai...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/taigaio/b8560179-7c7f-401a-810f-5e721221bcb7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

---

David Barragán Merino   Engineer david.b...@kaleidos.net  | Tel: (+34) 913562995 www.kaleidos.net/FFF8E7

[jmcre...@peachtreebilling.com]

Thank you for your prompt response. I have accomplished what I want by having a hard coded username and password in the script and using normal login. But since the user will already be logged in I don't want to make them login again. And I don't want to leave a username and password in the code I wanted to use the token they already have. I looked at the github from the Taiga feedback but I am having trouble figuring it out since I am unfamiliar with coffee.

[jmcre...@peachtreebilling.com]

Hello, I have a few questions about the process of getting a valid auth token. I have been able to get a token out of the local storage of the user but it is unauthorized when I try to use it for the API. So does that mean I need to get it validated because it is from an external app? I have looked here https://taigaio.github.io/taiga-doc/dist/api.html#external-app-authorization to answer that question. From my interpretation of that documentation, I need to get the retrieved auth token validated and to do that I need an application id. We have been unable to figure out how to get an application id. We have our own instance of Taiga but can't figure out how to find the Django admin UI to get the application id. 

Also, David mentioned above that I could get a token for a user with normal login. I am trying to not have the user have to log in but instead get the token from their info already in local storage. If we are hosting our own instance of Taiga will getting an application token help? In some of those steps I will run into the same problem if needing an application id. I am sorry for my confusion but I am having trouble getting my questions answered from the documentation that I have seen. Any help would be really appreciated. Even if there is more documentation that I can look through.

Thank you for your time,

Jared

[David Barragán]

- An application_toke is used for example to auth users in your app using the taiga authentication system. The author is an external app. For example the button "Login With Taiga" at https://beta-tribe.taiga.io/login

- A standar_toke is used to make actions in Taiga using the api call (create issues, edit, issues, remove user stories....). The author is a Taiga user. For example the chrome plugin https://github.com/taigaio/taiga-feedback

So you only need a standar token because your chrome extension will be used by a user and not by an app.

To view this discussion on the web, visit https://groups.google.com/d/msgid/taigaio/a293ddad-64ea-4442-9701-f1ca7678220f%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[jmcre...@peachtreebilling.com]

So then the token that I can get out of the user info in local storage should be good to make API calls? Every time I use it it tells me unauthorized. 

[David Barragán]

Yes.

How are you making the calls? How are you using the token?

On Thu, May 5, 2016 at 2:49 PM, Jared McReynolds <jmcre...@peachtreebilling.com> wrote:

So then the token that I can get out of the user info in local storage should be good to make API calls? Every time I use it it tells me unauthorized.