[GH-ISSUE #10] Authentication against new user api token feature #6

Closed
opened 2026-02-27 15:45:56 +03:00 by kerem · 6 comments

Originally created by @rareshornet on GitHub (Mar 6, 2020).
Original GitHub issue: https://github.com/proxmoxer/proxmoxer/issues/10

Originally assigned to: @jhollowe on GitHub.

Hi there!

Seems Proxmox now supports user API tokens instead of using passwords, starting with libpve-access-control 6.0-6. The biggest benefit to me is the fact that you can have different permissions for tokens than users, but also that when I'm deving in my own environment I don't have to store my password or create different users with different permissions.

Is this something that you are looking into adding as an alternative auth feature? If not, would it be a lot of work to implement?

Thanks!


@jhollowe commented on GitHub (Apr 22, 2020):

Can you post a link to some information on this? I can't seem to find information on tokens, other than the tokens that are created by the API from your password.


@CompileNix commented on GitHub (Apr 22, 2020):

This is the only thing I was able to find on this topic:
https://pve.proxmox.com/wiki/User_Management#pveum_tokens


@jhollowe commented on GitHub (Apr 22, 2020):

You can view, create, and edit tokens, but using a token as authentication is not yet supported.

Create token: `proxmox.access.users('test_user@pve').token.push()` (see [here](https://pve.proxmox.com/pve-docs/api-viewer/index.html#/access/users/{userid}/token/{tokenid}) for more information)

Considering just how different the authentication method is, we will need to at least create a new Authentication class. We might even need to create a new backend for it, I really don't know and haven't looked at it that much.
I'm going to hold this out of the current future release and work on it for the next version.

@jhollowe commented on GitHub (Apr 22, 2020):

For future reference:

> To use an API token, set the HTTP header `Authorization` to the displayed value of the form `PVEAPIToken=USER@REALM!TOKENID=UUID` when making API requests, or refer to your API client documentation.

so probably just a new Auth
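
The header format quoted above, as an added example that is not part of the original thread and not proxmoxer's own code: a stdlib-only helper that validates the token parts, builds the `Authorization` value, and keeps the secret out of `repr()`. The class and function names, the host, and the character restrictions on the token name are assumptions; port 8006 and `/api2/json` are the Proxmox VE API defaults.

```python
import re
import urllib.request

# Header format quoted in the thread: PVEAPIToken=USER@REALM!TOKENID=UUID
# Conservative assumption: no whitespace, '@', '!' or '=' inside any part.
_NAME_RE = re.compile(r"[^\s@!=]+@[^\s@!=]+![^\s@!=]+")
_UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)


class ApiTokenAuth:
    """Hypothetical helper (not proxmoxer's class) for stateless token auth."""

    def __init__(self, token_name, secret):
        # fullmatch() rejects trailing newlines, so CR/LF cannot reach the header.
        if not _NAME_RE.fullmatch(token_name):
            raise ValueError("token name must look like USER@REALM!TOKENID")
        if not _UUID_RE.fullmatch(secret):
            raise ValueError("token secret must be a UUID")
        self.token_name = token_name
        self._secret = secret

    def header_value(self):
        return f"PVEAPIToken={self.token_name}={self._secret}"

    def __repr__(self):
        # Keep the secret out of logs and tracebacks.
        return f"ApiTokenAuth({self.token_name!r}, secret=<redacted>)"

    def apply(self, request):
        # The token is sent on every call: no login ticket or cookie is set here.
        request.add_header("Authorization", self.header_value())
        return request


def build_request(auth, host, path, method="GET"):
    # Port 8006 and /api2/json are the Proxmox VE defaults; host is a placeholder.
    url = f"https://{host}:8006/api2/json/{path.lstrip('/')}"
    return auth.apply(urllib.request.Request(url, method=method))


if __name__ == "__main__":
    # Constructed sample values, not a real token.
    auth = ApiTokenAuth("test_user@pve!ci", "01234567-89ab-cdef-0123-456789abcdef")
    req = build_request(auth, "pve.example.test", "/nodes")
    print(auth, req.full_url, req.get_method())
```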


@CompileNix commented on GitHub (May 12, 2020):

https://www.proxmox.com/en/?option=com_content&view=article&id=140&Itemid=1153

> Full support and the integration for API tokens has been added allowing stateless access to most parts of the REST API by another system, software or API client. API Tokens can be generated for individual users and can optionally be configured with separate permissions and expiration dates to limit the scope and duration of the access. Should the API token get compromised it can be revoked without having to disable the user itself.


@jhollowe commented on GitHub (May 17, 2020):

Resolved by #20
