Hello, I want to use JWT token as Authorization header for rest-apis but I am not able to use tls2jwt command on cli. How can I convert client.cert, client.key to JWT token so that I can use it.
no ref here: Remote API authentication - Incus documentation
stgraber@castiana:~$ go install github.com/lxc/incus/v6/test/tls2jwt@latest
stgraber@castiana:~$ tls2jwt
Usage: tls2jwt <public-certificate-file> <private-key-file> <not-before-timestamp> <duration-seconds>
This is mostly a reference/testing tool. The actual creation of a certificate signed JWT with the required fields can be done in any programming or scripting language that you wish, it’s not specific to Incus.
Hello, you guys added the functionality cause it’s easy to authenticate the client but I think there is one thing where this will not work. When we access the instances console then we create 2 web socket one for data and one for control but as we know web sockets doesn’t support custom headers. In this case we are not able to authenticate the web socket to the host. There’s a solution to this, we can pass this token in query params and on server end we capture it and do the authentication.
You can still send regular HTTP headers as part of establishing a websocket connection, some quick googling actually shows the python websocket documentation including an example for exactly this case (bearer token through Authorization header).
I’m using xterm.js in my frontend app to access the console for my instances on my custom web app. Here is something which is most relevant to my use case.
Ah. lovely, so it’s the javascript API being badly designed…