You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Authentication by specifying the access token in the Nightscout URL through HTTP authentication (putting it in front of the hostname separated by "@") no longer works.
To Reproduce
Steps to reproduce the behavior:
Below, replace ACCESS_TOKEN with an access token with role device-readwrite set up in Nightscout, and replace HOST with the hostname of a Nightscout instance (ends with ".code.run"). Then:
(a) If I open the URL https://HOST/api/v1/entries.json?token=ACCESS_TOKEN in a browser (i.e. via HTTP GET), it lists a array of my latest glucose values, in JSON format.
(b) If I instead open the URLhttps://ACCESS_TOKEN@HOST/api/v1/entries.json in a web browser then I get redirected to the same URL without ACCESS_TOKEN@, and with page body {"status":401,"message":"Unauthorized","description":"Invalid/Missing"}
Unfortunately the previous version that I know to have worked was from around May 20, 2021, so I don't know when in the last 33 months or so this broke.
Expected behavior
Both methods should produce a list of my latest glucose values, in JSON format.
Your setup information
Nightscout built today from the latest commit 21e0591
Trying to upload via Xdrip. Due to bugs in Xdrip, the access token needs to either be specified in the manner I noted above, when one can't reuse the Xdrip webserver's API secret. Concretely, the code in Xdrip incorrectly treats the uploader base URL as a String and appends stuff to it, instead of parsing it as a Uri and then mutating just the path component; this breaks when the URL has query parameters.
Note that the documentation at https://nightscout.github.io/uploader/setup/#xdrip documents the format that no longer works (that page is very old so it still refers to API_SECRET rather than ACCESS_TOKEN, but the gist is the same).
The text was updated successfully, but these errors were encountered:
Describe the bug
Authentication by specifying the access token in the Nightscout URL through HTTP authentication (putting it in front of the hostname separated by "@") no longer works.
To Reproduce
Steps to reproduce the behavior:
Below, replace ACCESS_TOKEN with an access token with role
device-readwrite
set up in Nightscout, and replace HOST with the hostname of a Nightscout instance (ends with ".code.run"). Then:https://HOST/api/v1/entries.json?token=ACCESS_TOKEN
in a browser (i.e. via HTTP GET), it lists a array of my latest glucose values, in JSON format.https://ACCESS_TOKEN@HOST/api/v1/entries.json
in a web browser then I get redirected to the same URL without ACCESS_TOKEN@, and with page body{"status":401,"message":"Unauthorized","description":"Invalid/Missing"}
This broke after I synced my fork of https://github.com/nightscout/cgm-remote-monitor to the latest commit 21e0591 today.
Unfortunately the previous version that I know to have worked was from around May 20, 2021, so I don't know when in the last 33 months or so this broke.
Expected behavior
Both methods should produce a list of my latest glucose values, in JSON format.
Your setup information
Additional context
Note that the documentation at https://nightscout.github.io/uploader/setup/#xdrip documents the format that no longer works (that page is very old so it still refers to API_SECRET rather than ACCESS_TOKEN, but the gist is the same).
The text was updated successfully, but these errors were encountered: