OpenHab Cloud and OH3 M2 server

There is an issue with connecting the Android app to the latest OH3 M2 server.
When I try to connect, the app shows this error:
Authentication failed. Please check configured username and password respectively the provided SSL client certificate(HTTP code 401)

The openHAB server shows this error:

[WARN ] [ore.io.rest.auth.internal.AuthFilter] - Unauthorized API request: Invalid Basic authentication credentials

So the app somehow does not send a compatible username and password to the server. Probably the best option would be to add an authentication token instead of username and password…

I see that the openHAB server is case sensitive in the username field, and using the correct capitals in the username has fixed that issue.
But there is still an issue with the remote server which connects to the openHAB Cloud server.
The app can register to “Firebase Cloud Messaging” normally, but it looks like it can’t access sitemaps: it produces an error when accessing “https://SERVER/rest/sitemaps” and crashes with the error “org.openhab.habdroid.util.HttpClient$HttpException: OK”

Log from server:

2020-11-06 06:24:56.028 [DEBUG] [io.openhabcloud.internal.CloudClient] - on(): request
2020-11-06 06:24:56.029 [DEBUG] [io.openhabcloud.internal.CloudClient] - Got request 266
2020-11-06 06:24:56.029 [DEBUG] [io.openhabcloud.internal.CloudClient] - {“host”:“SERVER”,“cache-control”:“no-cache”,“accept-encoding”:“gzip”,“user-agent”:“openhab-cloud/0.0.1”}
2020-11-06 06:24:56.030 [DEBUG] [io.openhabcloud.internal.CloudClient] - Request method is GET
2020-11-06 06:24:56.030 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty set header host = SERVER
2020-11-06 06:24:56.030 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty set header cache-control = no-cache
2020-11-06 06:24:56.030 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty set header accept-encoding = gzip
2020-11-06 06:24:56.030 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty set header user-agent = openhab-cloud/0.0.1
2020-11-06 06:24:56.050 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty finished receiving response header
2020-11-06 06:24:56.051 [DEBUG] [io.openhabcloud.internal.CloudClient] - Sent headers to request 266
2020-11-06 06:24:56.052 [DEBUG] [io.openhabcloud.internal.CloudClient] - {“headers”:{“Transfer-Encoding”:“chunked”,“Server”:“Jetty(9.4.20.v20190813)”,“Date”:“Fri, 06 Nov 2020 06:24:56 GMT”,“Content-Type”:“application/json”},“responseStatusCode”:200,“responseStatusText”:“OK”,“id”:266}
2020-11-06 06:24:56.053 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty received response content of size 2120
2020-11-06 06:24:56.054 [DEBUG] [io.openhabcloud.internal.CloudClient] - Sent content to request 266
2020-11-06 06:24:56.056 [DEBUG] [io.openhabcloud.internal.CloudClient] - Finished responding to request 266
2020-11-06 06:24:56.483 [DEBUG] [io.openhabcloud.internal.CloudClient] - on(): request
2020-11-06 06:24:56.483 [DEBUG] [io.openhabcloud.internal.CloudClient] - Got request 267
2020-11-06 06:24:56.484 [DEBUG] [io.openhabcloud.internal.CloudClient] - {“host”:“SERVER”,“cache-control”:“no-cache”,“accept-encoding”:“gzip”,“user-agent”:“openhab-cloud/0.0.1”}
2020-11-06 06:24:56.484 [DEBUG] [io.openhabcloud.internal.CloudClient] - Request method is GET
2020-11-06 06:24:56.484 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty set header host = SERVER
2020-11-06 06:24:56.484 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty set header cache-control = no-cache
2020-11-06 06:24:56.484 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty set header accept-encoding = gzip
2020-11-06 06:24:56.484 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty set header user-agent = openhab-cloud/0.0.1
2020-11-06 06:24:56.488 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty finished receiving response header
2020-11-06 06:24:56.489 [DEBUG] [io.openhabcloud.internal.CloudClient] - Sent headers to request 267
2020-11-06 06:24:56.490 [DEBUG] [io.openhabcloud.internal.CloudClient] - {“headers”:{“Transfer-Encoding”:“chunked”,“Server”:“Jetty(9.4.20.v20190813)”,“Date”:“Fri, 06 Nov 2020 06:24:56 GMT”,“Content-Type”:“application/json”},“responseStatusCode”:401,“responseStatusText”:“OK”,“id”:267}
2020-11-06 06:24:56.490 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty received response content of size 63
2020-11-06 06:24:56.491 [DEBUG] [io.openhabcloud.internal.CloudClient] - Sent content to request 267
2020-11-06 06:24:56.492 [WARN ] [io.openhabcloud.internal.CloudClient] - Jetty request 267 failed: HTTP protocol violation: Authentication challenge without WWW-Authenticate header
2020-11-06 06:24:56.492 [WARN ] [io.openhabcloud.internal.CloudClient] - Response Failure: HTTP protocol violation: Authentication challenge without WWW-Authenticate header
2020-11-06 06:24:56.494 [DEBUG] [io.openhabcloud.internal.CloudClient] - Finished responding to request 267
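
As an added example (not part of the original post and not the project's own code), this Python sketch triages a CloudClient DEBUG log like the one above: it reports every request that the local server answered with 401, whether a WWW-Authenticate header came with it, and any Jetty failure logged for the same request id. The log sample is constructed from the format shown in the post, and the name `triage` is an assumption.

```python
import json
import re

# Constructed sample in the format of the CloudClient log quoted in the post.
SAMPLE_LOG = """\
2020-11-06 06:24:56.029 [DEBUG] [io.openhabcloud.internal.CloudClient] - Got request 266
2020-11-06 06:24:56.052 [DEBUG] [io.openhabcloud.internal.CloudClient] - {"headers":{"Content-Type":"application/json"},"responseStatusCode":200,"responseStatusText":"OK","id":266}
2020-11-06 06:24:56.483 [DEBUG] [io.openhabcloud.internal.CloudClient] - Got request 267
2020-11-06 06:24:56.490 [DEBUG] [io.openhabcloud.internal.CloudClient] - {“headers”:{“Content-Type”:“application/json”},“responseStatusCode”:401,“responseStatusText”:“OK”,“id”:267}
2020-11-06 06:24:56.492 [WARN ] [io.openhabcloud.internal.CloudClient] - Jetty request 267 failed: HTTP protocol violation: Authentication challenge without WWW-Authenticate header
"""

LINE = re.compile(r"^(\S+ \S+) \[(\w+)\s*\] \[[^\]]+\] - (.*)$")
FAILED = re.compile(r"Jetty request (\d+) failed: (.*)")
# Forum software turns straight quotes into typographic ones; undo that first.
QUOTES = {0x201C: '"', 0x201D: '"'}


def triage(log_text):
    """Return one finding per request whose local response status was 401."""
    requests = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.translate(QUOTES))
        if not m:
            continue
        ts, _level, msg = m.groups()
        if msg.startswith("{") and "responseStatusCode" in msg:
            try:
                body = json.loads(msg)
            except ValueError:
                continue  # truncated or mangled record, skip it
            headers = {k.lower() for k in body.get("headers", {})}
            requests[body["id"]] = {
                "id": body["id"],
                "time": ts,
                "status": body["responseStatusCode"],
                "challenge_header": "www-authenticate" in headers,
                "failure": None,
            }
        elif (f := FAILED.search(msg)) and int(f.group(1)) in requests:
            requests[int(f.group(1))]["failure"] = f.group(2)
    return [r for r in requests.values() if r["status"] == 401]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
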

Looks like it is related to the Cloud server. Can the thread please be moved into the right forum?

You can do that yourself actually. Click the pencil icon next to the topic title and you can change the title, category, and tags.


Thread moved to correct forum…

After more research it looks like the openHAB Cloud addon can’t access the API or does not receive correct authentication data in the request.
Is it possible that special characters in the password like @ can cause problems when nginx and node process requests?

It might be because @ separates username and password from server in standard http://user:pass@url/path?query usage.

I will try today, but I think that it is not the issue and that they have thought about that… Probably the openHAB Cloud addon does not do, or does not support, authentication to the API on the same openHAB server and thinks that if it runs on it, it can access it…
If @ is a problem, then it will probably also be a problem with the username, which on openHAB Cloud must contain @ …
For example:

http://my.name@domain:MY_PASS_WITH_@@https://server.domain/path?query
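
The question about “@” comes down to how the credentials travel. As an added example (not from the original posts), this Python sketch shows that in a Basic `Authorization` header only the first “:” is a separator, so “@” in the username or password is unambiguous, while in the URL form both must be percent-encoded. The account name, password and host are constructed values, and the function names are assumptions.

```python
import base64
from urllib.parse import quote, unquote, urlsplit


def basic_header(username, password):
    """Build a Basic Authorization value (RFC 7617: no ':' in the user-id)."""
    if ":" in username:
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_basic_header(value):
    """Recover (username, password); only the first ':' separates them."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token).decode("utf-8")
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' between username and password")
    return user, password


def url_with_userinfo(username, password, host, path="/"):
    """URL form: '@' and ':' inside userinfo have to be percent-encoded."""
    user = quote(username, safe="")
    pw = quote(password, safe="")
    return f"https://{user}:{pw}@{host}{path}"


def parse_userinfo(url):
    """Split a URL with userinfo back into (username, password, host)."""
    parts = urlsplit(url)
    return unquote(parts.username), unquote(parts.password), parts.hostname


if __name__ == "__main__":
    user, pw = "my.name@example.org", "MY_PASS_WITH_@"  # constructed values
    print(parse_basic_header(basic_header(user, pw)))
    print(url_with_userinfo(user, pw, "server.example", "/rest/sitemaps"))
```
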

I see that if I enable “Implicit user role for unauthenticated requests” in the API settings, access over the cloud works. But in that case my server is not secured and everyone can access items/sites over the API without logging in, and that is not an option.

Is the source code for the cloud connector addon available (so that I can check how it accesses the API)?
Is there a plan to add a new secure login to the API with tokens (probably a new option in the cloud addon to enter a token)?

Take a look there: https://github.com/openhab/openhab-addons/blob/main/bundles/org.openhab.io.openhabcloud/src/main/java/org/openhab/io/openhabcloud/internal/CloudClient.java

That's pretty much everything. What you will notice is that it is a connection to openHAB Cloud which forwards some calls from the public instance to yours without doing anything except a basic credentials check.

The reason why it doesn't work for you is rather trivial and caused by the cloud connector architecture. openHAB Cloud relies on basic auth, so you need to have the same credentials in both places (OH & OH Cloud) to let it work.
If you have a mismatch and send OH credentials to openHAB Cloud, it will mark the request as unauthenticated and abstain from forwarding it.

Thanks for the reply. I will check the sources.
I have the same username and password on both sides. On the openHAB Cloud server the account has master permissions and on the openHAB server it has administrator permissions. The only issue there can be is that I use special characters in the password and an @ character at the end of the password. I will try that later today, and if that is the problem I will report it as a bug; otherwise there is some other issue between the cloud and the openHAB server…

I changed the password on the openHAB server and the cloud server to one without @ in it and the same thing happens, so the special character in the password is not the issue…

I am getting the same response with the android app beta and with the homehabit app.

16:51:04.056 [WARN ] [core.io.rest.auth.internal.AuthFilter] - Unauthorized API request: Invalid Basic authentication credentials


All right, in that case it looks more like a case where openhab-cloud removes the authorization header and passes the request on without it. When OH receives it locally, it refuses it.


I opened a bug report and we will see if it will be fixed…

A little update… I checked the cloud addon source code, set up the VSCode IDE and added new API token authentication to the Cloud addon.

Right now I am testing the addon and it looks like it works as it should.

Both options can be disabled and it works normally ONLY over the cloud connection.

Because the Android app does not support API token authentication, it does not connect locally. To also use the local connection, “Allow Basic Authentication” must be enabled in the API settings. Then it works like this:
The local connection uses basic authentication, which is supported by the Android app.
The remote connection uses basic authentication to connect to the Cloud server, but then the addon locally uses an API key to authenticate to the openHAB server.
That way you can have “Implicit user role for unauthenticated requests” disabled and prevent everyone in your local network from controlling your openHAB server…

Now I need to fix the implementation of the sendNotification() functions to get it working on OH3, and then if someone is interested in trying/testing it I can send a jar file… I am new to openHAB development, so I will probably need more time to understand things and fix that.