LXD json api cannot find auth


I recently wanted to switch my stuff to LXD to make deploy easier.
But I could not find a way to auth my json requests.

I got to the point, that I generated a cert, added that cert to the LXD node, I did already send the cert into the API but still it does not authenticate.

Can someone explain me, how do I auth on the web API?
I checked multiple documentations I could not figure out how.

From proxmox I am used, to send the credentials, I get tokens and I use them for further requests.
But here the API even refuses my generated cert.


Generating a RSA private key
writing new private key to 'client.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:CA
State or Province Name (full name) [Some-State]:Quebec
Locality Name (eg, city) []:Montreal
Organization Name (eg, company) [Internet Widgits Pty Ltd]:stgraber.net
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:my client
Email Address []:
stgraber@castiana:~/api$ lxc config trust add client.crt 
stgraber@castiana:~/api$ lxc config trust list 
| FINGERPRINT  | COMMON NAME |         ISSUE DATE          |         EXPIRY DATE         |
| 005e0a1c713f | my client   | May 5, 2020 at 2:00pm (UTC) | May 5, 2021 at 2:00pm (UTC) |
stgraber@castiana:~/api$ curl -s -k https://localhost:8443/1.0 --cert client.crt --key client.key | jq .metadata.auth

That’s what I did, I send the cert + key json encoded to the API and all I get is not authorized.
No error message nothing.

“{“error”:“not authorized”,“error_code”:403,“type”:“error”}”

My Code: https://pastebin.com/RPDw6vMq
The documentation said, json and so I did post that.

Lemme make your life easier, heres “my” (forked and updated) composer lib for PHP https://github.com/turtle0x1/php-lxd

Heres how to create certs https://github.com/turtle0x1/php-lxd/blob/master/docs/configuration.md

The docs are out of date, you should use the agnostic “instances” URL by default for example

// Dont do this
$containers = $client->containers->all();
// Do this
$instances = $client->instances->all();

Well I do not want to use a 3rd party lib, that’s why I asked.
I do not want learn your 3rd party lib, I want to understand the LXC api.

Why does my code above not work?

1 Like

I did implemented it the wrong way, everything works now.
Sorry @stgraber and thanks for the hint.