New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Export of reports no longer working in Matomo 4 #16043
Comments
Same applies for all API example links |
@tsteur do you have a suggestion how to fix that issue? The reason seems to be, that the token_auth used within Matomo is a token_auth generated for the current session. The export and api example links are generated using this session token_auth. But actually that session token_auth can't be used for normal API calls. |
@sgiehl when using the The shown URL would maybe need to remove since we can't know the token. We wouldn't want to add that token to user_token_auth as it would basically mean if a user shares that link for some reason, another user would have access to Matomo for a certain amount of time. Of course it also means a user can no longer edit the URL after clicking on the export button. An alternative be to allow Ideally we'd POST the two mentioned parameters. If we still need to show a URL, we could add a sentence they need to append an app specific token to use it (could even show a form field where they can enter their token). |
Isn't that the whole point of the export feature: To have a starting point to interactively browse the Matomo API Another idea (not sure if it is better) would be to require people to create API tokens to use the export feature and allow selecting the used API token in the export window with an explanation on the implications of sharing the token (of course then we are again back to sending a token allowing access to a user via GET parameters) |
Not sure. I think the export dialog was added so people don't need to play with it and just get the data they want to export. I don't think too many people actually "play" with the API there as you'd need to know API, that you can play with it, it's parameters etc. Of course some do play with it.
It would just mean that people need to store the token in a password manager or something and copy/paste it every time they want to export something and there is indeed the risk re sharing the token. I guess maybe it shouldn't use the API there in the first place but then people wouldn't be able to "play" with it. Guess the most valuable parameters can be already changed in the export widget so that the URL doesn't need to be changed afterwards. Of course there will be always edge cases where other parameters will want to be used. Maybe we could allow Sharing that URL wouldn't give anyone else access to it because they would also need access to the user's session (aka cookies). That's because it is the |
@tsteur you mean something like this: https://github.com/matomo-org/matomo/compare/exportauth |
Yep.
|
Was just testing #15999 and then went to Ecommerce log -> Export and noticed I always get an error
Your session has expired due to inactivity. Please log in to continue.
. I suppose this applies to all reports through the UI report export popover.Possible this is due to the app specific token change.
The text was updated successfully, but these errors were encountered: