Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v1 /write api does not support Basic auth #25833

Open
jdstrand opened this issue Jan 14, 2025 · 1 comment
Open

v1 /write api does not support Basic auth #25833

jdstrand opened this issue Jan 14, 2025 · 1 comment
Labels
v3

Comments

@jdstrand
Copy link
Contributor

jdstrand commented Jan 14, 2025
edited
Loading

Basic auth is supported in 1.x: https://docs.influxdata.com/influxdb/v1/administration/authentication_and_authorization/#authenticate-with-basic-authentication. Since Core and Enterprise don't have users, they should support basic auth like other non-1.products where the password is the token string and the username is ignored (can be anything).

Telegraf uses Basic authentication when specifying username and password in the v1 influxdb output plugin: https://github.com/influxdata/telegraf/blob/master/plugins/outputs/influxdb/http.go#L503

Steps to reproduce:

On the server:

$ influxdb3 create token
Token: apiv3_...
Hashed Token: 1330b707ff133a46d13ac87a4d678f30703e5bbec5230a325e0fd1ac25ade8a831ad6a5985d5a4c26b722229dcf1c7f50ac810ee81a6363a355b3c66b440733a

$ influxdb3 server ... --bearer-token 1330b707ff133a46d13ac87a4d678f30703e5bbec5230a325e0fd1ac25ade8a831ad6a5985d5a4c26b722229dcf1c7f50ac810ee81a6363a355b3c66b440733a

On the client:

$  export INFLUX_TOKEN="apiv3_..."
$ export INFLUX_BASIC=$(echo -n "ignored:$INFLUX_TOKEN" | base64 -w 0)
$ curl -H "Authorization: Basic $INFLUX_BASIC" -X POST "http://localhost:8181/write?db=test" --data-binary "mymeas,mytag1=sometag value=0.56 $(date +%s%N)"
{"error":"Authorization header was malformed and should be in the form 'Authorization: Bearer <token>'"}

For completeness, all other cases seem to already be supported for v2 /api/v2/write and v1 /write:

# write (v2) - works with Bearer
$  export INFLUX_TOKEN="<token from 'influxdb3 create'>"
$ curl -H "Authorization: Bearer $INFLUX_TOKEN" -X POST "http://localhost:8181/api/v2/write?bucket=test" --data-binary "mymeas,mytag1=sometag value=0.51 $(date +%s%N)"

# write (v2) - works with Token
$ curl -H "Authorization: Token $INFLUX_TOKEN" -X POST "http://localhost:8181/api/v2/write?bucket=test" --data-binary "mymeas,mytag1=sometag value=0.52 $(date +%s%N)"

# write (v1) - works with Bearer
$ curl -H "Authorization: Bearer $INFLUX_TOKEN" -X POST "http://localhost:8181/write?db=test" --data-binary "mymeas,mytag1=sometag value=0.53 $(date +%s%N)"

# write (v1) - works with Token
$ curl -H "Authorization: Token $INFLUX_TOKEN" -X POST "http://localhost:8181/write?db=test" --data-binary "mymeas,mytag1=sometag value=0.54 $(date +%s%N)"

# write (v1) - works with username/password URL params
$ curl -X POST "http://localhost:8181/write?db=test&u=ignored&p=$INFLUX_TOKEN" --data-binary "mymeas,mytag1=sometag value=0.55 $(date +%s%N)"
@jdstrand jdstrand added the v3 label Jan 14, 2025
@jdstrand
Copy link
Contributor Author

Note to whoever picks this up: with older InfluxDB write paths, only /write (v1) supports Basic auth. /api/v2/write does not.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
v3
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jdstrand