Difference between user role in Karaf and REST API

  • Platform information:
    • Hardware: Raspberry Pi 4
    • OS: Raspberry Pi OS / x64 / 11 (bullseye)
    • Java Runtime Environment: 11.0.15 (Temurin-11.0.15+10) (running in Docker)
    • openHAB version: 3.4.4 (running in Docker)
    • ConBee 2 USB stick

Dear community,

Just out of curiosity: what is the difference between $.[*].['tool']['scope'] of HTTP GET /rest/auth/sessions and the role in the Karaf console users list:

openhab> users list
my_user (user)

As you can see, the latter returns user, whereas the REST API returns admin for this user.

I don’t have any problem, just want to understand the differences.

Thank you

*friendly push*

Seems to be a ‘feature’ of how it is implemented/designed. When logging in via the web interface, each session is marked as ‘admin’, while the role in the background is either user or admin.

Login screen of the web interface shows: "Sign in to grant admin access to http://pi:8080"
This may be related to the behavior.

But when logging in via the web interface, I cannot do any admin-related operations, like adding new things, installing bindings, etc. - admin seems purely misleading to me, but maybe I’m missing something :thinking:

As far as I understand, the login page assigns the requested scope, which is admin.
As it is related to the user’s session, the requested scope is shown in the REST API.
The role that the user has (user) then does not match the requested scope (admin) - this is then handled in the background and does not provide access to admin stuff to users with role user.
