Authentication problems since upgrade

Hey, I just upgraded from 2.0.8 to 2.1.3 and now my Postman configs don’t work due to OAuth2 authentication problems.

Before the upgrade, I was using “/auth/dex/token” with the authentication options for “basic auth” and the username/password for “cells-front” that is built-in. This config no longer works and returns an HTML page that just says “Loading…”

After reading the updated docs, I tried to use the OIDC endpoint for authentication and this is also not working, see the following screenshot:

Please advise!

EDIT: Ok, I used “cells config list” to find out that the only valid redirect_uri is “https://get2.hhangus.com/auth/callback” and this setting worked. However, I want to be able to login without having to have a user-login screen because this is a backend-client that needs to talk to Pydio. That’s why I was using the auth/dex/token endpoint and I still need to be able to do this going forward. The Postman example doesn’t provide an example of how to do this token request without the user-form, and so I need to know how to do that please.

Hello @scott.bentley,

On Cells 2.1 we have completely removed another component (dex) that was used for the authentication to fully utilize a library that handles everything OIDC related, that is why the redirect URI has been updated.

I believe the best case would be to be able to create a connector with an API key/secret combo that you could use to authenticate.
Unfortunately this is not available at this time and is on our list of features that must be added.

Thanks @zayn,

It’s unfortunate that the key/secret method (dex) was removed as I was depending on it for my back-end integration. I won’t be able to upgrade from 2.0.x until this feature is re-implemented or I can figure out how to use OIDC without the web-browser login popup.

I’m curious how the cec client can work if there’s no key/secret? A Postman example, without having a web-browser login popup, would be super helpful.

ah sorry, what I meant was that you can create a custom set of key/secret (that would allow you to log in without needing to handle tokens or else) for a specific case.`
For instance on spotify, you can create an app with a set of key and secret that allows you to interact with spotify without the need to authenticate each time.

You still have the defaults, cells-client, cells-sync you can actually find their definition inside the pydio.json file.

But it is still about obtaining a token and handling the refresh.

On the cells-client and cells-sync we handle the refresh but if you use it on your own you will need to handle the refresh.

{
          "client_id": "cells-client",
          "client_name": "Cells Client CLI Tool",
          "grant_types": [
            "authorization_code",
            "refresh_token"
          ],
          "redirect_uris": [
            "http://localhost:3000/servers/callback",
            "https://my-server/oauth2/oob"
          ],
          "response_types": [
            "code",
            "token",
            "id_token"
          ],
          "scope": "openid email profile pydio offline"
        },