Posted to dev@guacamole.apache.org by Ankit Raibole <ra...@gmail.com> on 2023/03/02 04:15:24 UTC

Passing authToken in header

Hello Dev team,

My doubt is regarding passing the authToken in the header instead of query
parameters.
Currently, I am passing the authToken as query params like
"{guacServerURL}/#client/{connectionId}/token?{authToken}" and changing
the current window.location.href to this one, and it works fine as I am
able to connect to the VM.
But now I want to pass it in headers. I referred to this PR:
https://github.com/apache/guacamole-client/pull/649 , and we can't send
headers in href or window.open. So I tried making a GET call (used ajax,
fetch, XMLHTTP to pass the token in headers) for this URL and generating
the page with the response. But then it is not working as it gives 403.
How should I proceed?

Thanks & regards,
Ankit

Re: Passing authToken in header

Posted by Ankit Raibole <ra...@gmail.com>.
I am using encrypted-json authentication. Inside guac-auth/index.html this
is my updated code:
```
<!DOCTYPE html>
<html>

    <head>
        <meta charset="utf-8" />
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <title>Guacamole Authorization - My ASP.NET Application</title>

    </head>

    <body>

        <h3>Verification is in progress, kindly wait </h3>

        <!-- Display -->
        <div id="display"></div>

        <script src="jquery.js"></script>

        <!-- Guacamole -->
        <script type="text/javascript" src="/guacamole/guacamole-common-js/all.min.js"></script>

        <script type="text/javascript">
            function getQueryVariable( variable )
            {
                let query = window.location.search.substring( 1 );
                let vars = query.split( "&" );
                for ( let i = 0; i < vars.length; i++ )
                {
                    let pair = vars[i].split( "=" );
                    if ( pair[0] == variable ) { return pair[1]; }
                }
                return ( false );
            }

            $( document ).ready( function ()
            {
                let guacServer = decodeURIComponent( getQueryVariable( "guacserver" ) );
                let connectionId = decodeURIComponent( getQueryVariable( "connectionId" ) );
                let connectionData = decodeURIComponent( getQueryVariable( "connectionData" ) );

                $.ajax( {
                    "url": guacServer + "/api/tokens",
                    "method": "POST",
                    "timeout": 0,
                    "headers": {
                        "Content-Type": "application/x-www-form-urlencoded"
                    },
                    "data": {
                        "data": connectionData
                    }
                } ).done( function ( authData )
                {
                    console.log( authData );
                    let authToken = authData.authToken;

                    // Get display div from document
                    var display = document.getElementById( "display" );

                    var headers = {
                        'Guacamole-Token': authToken
                    }
                    // Instantiate client, using an HTTP tunnel for communications
                    // and passing the token as an extra tunnel header.
                    var guac = new Guacamole.Client( new Guacamole.HTTPTunnel( "https://108.143.201.3/guacamole/tunnel", true, headers ) );
                    // var guac = new Guacamole.Client( new Guacamole.WebSocketTunnel( "wss://108.143.201.3/guacamole/websocket-tunnel" ) );
                    // var guac = new Guacamole.Client( new Guacamole.WebSocketTunnel( guacServer + '/websocket-tunnel' ) );

                    // Add client to display div
                    display.appendChild( guac.getDisplay().getElement() );

                    // Error handler
                    guac.onerror = function ( error )
                    {
                        console.error( error );
                        alert( error.message );
                    };

                    // Connect
                    // window.location.href = guacServer + '/#/client/' + connectionId + "?token=" + authToken;
                    guac.connect( 'GUAC_ID=' + connectionId + '&GUAC_TYPE=c' + '&GUAC_DATA_SOURCE=json' );

                    // Disconnect on close
                    window.onunload = function ()
                    {
                        guac.disconnect();
                    }

                    // Mouse
                    var mouse = new Guacamole.Mouse( guac.getDisplay().getElement() );

                    mouse.onmousedown =
                        mouse.onmouseup =
                        mouse.onmousemove = function ( mouseState )
                        {
                            guac.sendMouseState( mouseState );
                        };

                    // Keyboard
                    var keyboard = new Guacamole.Keyboard( document );

                    keyboard.onkeydown = function ( keysym )
                    {
                        guac.sendKeyEvent( 1, keysym );
                    };

                    keyboard.onkeyup = function ( keysym )
                    {
                        guac.sendKeyEvent( 0, keysym );
                    };

                } ).fail( function ( data )
                {
                    console.log( "error data: " + data );
                    alert( "Failed to authorize. Either token is expired or connection parameter is corrupt" )
                } );
            } );
        </script>
    </body>

</html>


```
But this is not working. In the logs, it is showing permission denied.
Is this error because of Guacamole or some other issue?


On Sat, Mar 4, 2023 at 11:02 PM Michael Jumper <mj...@apache.org> wrote:

> On Wed, Mar 1, 2023 at 8:16 PM Ankit Raibole <ra...@gmail.com>
> wrote:
>
> > Hello Dev team,
> >
> > My doubt is regarding passing the authToken in the header instead of query
> > parameters.
> > Currently, I am passing the authToken as query params like
> > "{guacServerURL}/#client/{connectionId}/token?{authToken}" and changing
> > the current window.location.href to this one, and it works fine as I am
> > able to connect to the VM.
> > But now I want to pass it in headers. I referred to this PR:
> > https://github.com/apache/guacamole-client/pull/649 , and we can't send
> > headers in href or window.open. So I tried making a GET call (used ajax,
> > fetch, XMLHTTP to pass the token in headers) for this URL and generating
> > the page with the response. But then it is not working as it gives 403.
> > How should I proceed?
> >
>
> You cannot pass the "Guacamole-Token" header in a request for static
> content and have that header have any impact on whether future requests to
> the REST API, etc. are properly authenticated.
>
> The webapp only reads tokens from the "token" query parameter or
> "Guacamole-Token" header from authenticated parts of the application: the
> REST API and tunnel endpoints. Everything else is static content
> implementing a single-page app that leverages JavaScript and the
> application's REST API for all dynamic functionality. When you pass the
> "token" query parameter to the UI portion of the application via the URL
> visible in the browser, that JavaScript is actually manually copying that
> token and using it for its REST and tunnel requests, hence why that works.
> It is not possible for JavaScript within the page to read HTTP headers
> involved in the GET request for that same page.
>
> - Mike
>

Re: Passing authToken in header

Posted by Michael Jumper <mj...@apache.org>.
On Wed, Mar 1, 2023 at 8:16 PM Ankit Raibole <ra...@gmail.com>
wrote:

> Hello Dev team,
>
> My doubt is regarding passing the authToken in the header instead of query
> parameters.
> Currently, I am passing the authToken as query params like
> "{guacServerURL}/#client/{connectionId}/token?{authToken}" and changing
> the current window.location.href to this one, and it works fine as I am
> able to connect to the VM.
> But now I want to pass it in headers. I referred to this PR:
> https://github.com/apache/guacamole-client/pull/649 , and we can't send
> headers in href or window.open. So I tried making a GET call (used ajax,
> fetch, XMLHTTP to pass the token in headers) for this URL and generating
> the page with the response. But then it is not working as it gives 403.
> How should I proceed?
>

You cannot pass the "Guacamole-Token" header in a request for static
content and have that header have any impact on whether future requests to
the REST API, etc. are properly authenticated.

The webapp only reads tokens from the "token" query parameter or
"Guacamole-Token" header from authenticated parts of the application: the
REST API and tunnel endpoints. Everything else is static content
implementing a single-page app that leverages JavaScript and the
application's REST API for all dynamic functionality. When you pass the
"token" query parameter to the UI portion of the application via the URL
visible in the browser, that JavaScript is actually manually copying that
token and using it for its REST and tunnel requests, hence why that works.
It is not possible for JavaScript within the page to read HTTP headers
involved in the GET request for that same page.

- Mike
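
The rule described in the reply above, as an added JavaScript example that is not part of the thread and is not Guacamole code: a constructed request handler that checks tokens only on REST and tunnel paths, next to what script in the loaded page can recover. The host `guac.example`, the API path, the token value and the 403 returned for a missing token are assumptions made for the example.

```javascript
// Constructed model of the behaviour described in the reply; not Guacamole source.
// Host, paths, token value and the 403 for a missing token are assumptions.
const VALID_TOKENS = new Set(["CONSTRUCTED-TOKEN"]);
const AUTHENTICATED = ["/guacamole/api/", "/guacamole/tunnel", "/guacamole/websocket-tunnel"];

// Server side: only REST and tunnel endpoints look for a token, in the
// "Guacamole-Token" header or the "token" query parameter.
function serve(req) {
    const url = new URL(req.url, "https://guac.example");
    if (!AUTHENTICATED.some((prefix) => url.pathname.startsWith(prefix))) {
        // Static single-page app: identical for every caller, headers ignored.
        return { status: 200, tokenInspected: false };
    }
    const token = req.headers["guacamole-token"] || url.searchParams.get("token");
    return { status: VALID_TOKENS.has(token) ? 200 : 403, tokenInspected: true };
}

// Browser side: script in the loaded page can read the page URL, not the
// headers of the GET that fetched it. The UI URL carries the token inside the
// fragment ("#/client/{id}?token=..."), so it is parsed from the hash.
function tokenVisibleToPageScript(pageUrl) {
    const hash = new URL(pageUrl).hash;
    const q = hash.indexOf("?");
    return q < 0 ? null : new URLSearchParams(hash.slice(q + 1)).get("token");
}

function runScenario() {
    const token = "CONSTRUCTED-TOKEN";
    const api = "/guacamole/api/session/data/json/connections";
    const ui = "https://guac.example/guacamole/#/client/c1";
    return {
        // Header sent with the static page request: served, but never inspected.
        staticWithHeader: serve({ url: "/guacamole/", headers: { "guacamole-token": token } }),
        // A later API call carries no token of its own, so it is rejected.
        apiAfterwardsNoToken: serve({ url: api, headers: {} }).status,
        apiWithHeader: serve({ url: api, headers: { "guacamole-token": token } }).status,
        apiWithQuery: serve({ url: api + "?token=" + token, headers: {} }).status,
        // Token in the visible URL is readable by the page; a header-only load leaves nothing.
        scriptSeesFromUrl: tokenVisibleToPageScript(ui + "?token=" + token),
        scriptSeesFromHeaderOnlyLoad: tokenVisibleToPageScript(ui),
    };
}

console.log(runScenario());
```
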