After upgrading Piwik to v3, the removal of auth tokens from the list of users / specific user / newly created user broke my application, so I fixed it but now I can't get the auth token using the Piwik API in order to log the users in using an iframe.
I use the
getTokenAuth() method but that causes a new error when trying to log in the user using that auth token, and the error
Error: You can't access this resource as it requires an 'view' access for the website id = 91. shows up. The weird part is that the site id 91 has view access already when I run the
getSitesAccessFromUser() method to check the access of all sites (in my case, the user has one site).
Any ideas how can I get the auth token through the Piwik API? I don't have access to the Piwik Database.
we have the same issue!
I thought, still getting the token in v3 would be easy to solve by just using the
getTokenAuth() method, but as mentioned in the forum post this doesn't work because the method does not accept the encrypted password we're getting from the other api methods.
I don't want to take a look directly to the database for this because using an (available) API is always better.
Because our scripted workflow is broken now, our company decided to downgrade back to 2.17.1 until there is a solution for this. :(
Thanks for the report. This is indeed a problem if you need the token_auth. So far we think the best way to provide a workaround would be to create a new plugin on the marketplace, which would add the token_auth to all API methods exporting users information. Would maybe one of you be able to create this plugin?
This is not a regression since the API is still the same and still works see eg in the mobile app etc.
but as mentioned in the forum post this doesn't work because the method does not accept the encrypted password we're getting from the other api methods.
There is no way anymore to get the original password from the database since it is hashed. You need the original password to get the token
Maybe App-specific passwords could help with this use case? we'll discuss this possibility in https://github.com/piwik/piwik/issues/6559#issuecomment-289455457
I'll close this issue now, as it won't be possible in any way to receive the auth tokens as of Matomo 4. If you need to automate anything you can create app specific tokens for a user or temporary system token to use them in external applications.