Autnentication by using API key #14
Comments
Since 2021-09-21, vault.bitwarden.com introduced a captcha requirements in the authentication. This is bypassed with a client_secret when using the api or bw-cli as described here [1]. This change gives the possibility to pass a client_secret to the Client class. fixes corpusops#14 [1] https://bitwarden.com/help/cli-auth-challenges/
|
from #11 BITWARDEN_TOKEN=$(curl --location -s --request POST \
${BITWARDEN_URL}/identity/connect/token \
--header "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "grant_type=client_credentials" \
--data-urlencode "scope=api" \
--data-urlencode 'deviceName=chrome' \
--data-urlencode 'deviceIdentifier=DEVICE_ID' \
--data-urlencode 'deviceType=DEVICE_TYPE' \
--data-urlencode "username=${BITWARDEN_USER}" \
--data-urlencode "client_id=${BITWARDEN_CLIENID}" \
--data-urlencode "client_secret=${BITWARDEN_SECRET}" | jq -r '.access_token') |
|
Feel free to open PR for it, which i would be welcome to merge ! |
|
@valleedelisle, can you please create PR for your commit? |
|
does it cover vaultwarden api token auth too ? Seems it's for official bitwarden server implementation, isnt it ? |
|
i've create a patch from this code for tests, unfortunately it doesn't handle api token auth |
|
I don't use this lib anymore because it's incomplete. I decided to wrap around the bwcli instead. Feel free to use my code if it helps, but I can't maintain this as I don't use it anymore. |
|
possible via #18 def api_key():
return {"client_id": "…",
"client_secret":"…",
"scope":"api",
"grant_type":"client_credentials"}
client = Client(server, email, password, mfa_cb=api_key)
client.sync() |
|
@commonism, thanks! I've tried it out with bitwardentools 1.0.56 and it works. Unfortunately client password is still required, am I misunderstanding this feature or is it really supposed to work only when client password is provided? |
Can you paste how you implemented it as there is an error on @commonism snippet, it should be def api_key():
return {"client_id": "…",
"client_secret":"…",
"scope":"api",
"grant_type":"client_credentials"}
client = Client(server, email, password, authentication_cb=api_key)
client.sync() |
|
BTW, i have some bits to finish before an official release which includes this PR. |
@kiorky, I did and it works as long as username, password and API key is provided. However it doesn't work if I do not specify email or password. Am I wrong to assume that API key alone should be sufficient to authenticate user?
I'm aware of that and I've installed bitwardentools from here: https://github.com/corpusops/bitwardentools/archive/refs/tags/1.0.56.tar.gz |
|
Email/Password is required for 2fa, pass empty strings for api key via cb. |
This isnt a release. Published release remain only on pypi. |
Hello,
I've looked into documentation and couldn't really find an answer, does
bitwardentoolssupport authentication via API keys? Recent version of Vaultwarden has added support for them and I was wondering if it is possible to use API keys instead of password for authentication.Thanks!
The text was updated successfully, but these errors were encountered: