@davorminchorov opened this Issue on January 9th 2017

Hi there!

After upgrading Piwik to v3, the removal of auth tokens from the list of users / specific user / newly created user broke my application, so I fixed it but now I can't get the auth token using the Piwik API in order to log the users in using an iframe.

I use the getTokenAuth() method but that causes a new error when trying to log in the user using that auth token, and the error Error: You can't access this resource as it requires an 'view' access for the website id = 91. shows up. The weird part is that the site id 91 has view access already when I run the getSitesAccessFromUser() method to check the access of all sites (in my case, the user has one site).

I've read about this problem on the forums and #10938 but can't find a solution.

Any ideas how can I get the auth token through the Piwik API? I don't have access to the Piwik Database.

@Fensterbank commented on January 13th 2017 Contributor

Hey,

we have the same issue!
I thought, still getting the token in v3 would be easy to solve by just using the getTokenAuth() method, but as mentioned in the forum post this doesn't work because the method does not accept the encrypted password we're getting from the other api methods.

I don't want to take a look directly to the database for this because using an (available) API is always better.

Because our scripted workflow is broken now, our company decided to downgrade back to 2.17.1 until there is a solution for this. :(

@mattab commented on February 18th 2017 Member

Thanks for the report. This is indeed a problem if you need the token_auth. So far we think the best way to provide a workaround would be to create a new plugin on the marketplace, which would add the token_auth to all API methods exporting users information. Would maybe one of you be able to create this plugin?

@tsteur commented on February 18th 2017 Member

This is not a regression since the API is still the same and still works see eg in the mobile app etc.

but as mentioned in the forum post this doesn't work because the method does not accept the encrypted password we're getting from the other api methods.

There is no way anymore to get the original password from the database since it is hashed. You need the original password to get the token

@mattab commented on March 27th 2017 Member

Maybe App-specific passwords could help with this use case? we'll discuss this possibility in https://github.com/piwik/piwik/issues/6559#issuecomment-289455457

@sgiehl commented on July 23rd 2020 Member

I'll close this issue now, as it won't be possible in any way to receive the auth tokens as of Matomo 4. If you need to automate anything you can create app specific tokens for a user or temporary system token to use them in external applications.

@mattab commented on September 10th 2020 Member

the solution is documented in the FAQ at https://matomo.org/faq/general/faq_114/ including how it will work for Matomo 4 and newer

This Issue was closed on July 23rd 2020
Powered by GitHub Issue Mirror