With the settigns shown above you can access the api via the implicit user role.
There may be api actions that are still restricted since they do not belong to the “user role”
Similar problem here. With the following settings:
"openhab.host": "http://openhab",
"openhab.port": 8080,
"openhab.username": "Admin",
"openhab.password": "iwonttellyoumypassword"
No matter whether implicit user roles are enabled or disabled. Port 5007 (LSP) does not work either, which one should I use? It also does not work with an API token instead of a password (I would usually prefer the first option).
I always receive the following error message from the openHAB extension:
Error while connecting to openHAB REST API. self signed certificate
And loads of ENOTFOUND and parse error in the OH Language Server output in VSC.
I also found this related thread, but it still seems to be unresolved: [OH3] REST API Authentication Help RESOLVED.
So you are using openhab with https?
Probably behind a reverse proxy?
Edit:
Token based authentication won’t work with the extension for now.
I have stated that already somewhere but will add it to my FAQ thread now.
So you are using openhab with https?
Probably behind a reverse proxy?
No, I haven’t set up anything like this. I wish I could, but some months ago this looked far too sophisticated to me.
Any other ideas? So this should work in theory?
In theory it should work with an http connection yes.
Could you please try to remove the http:// from your config for testing in the openhab.host setting.
Second try would be to enter the ip adress directly instead of the hostname.
Alltough i doubt that it will work with a self signed certificate error.
Success! Turns out that you have to reload the VS Code window after every change you have made to the settings. This is a bit counter-intuitive, I have just left an issue for this in the extension repository.
To sum up, the following configuration now works for me:
"openhab.host": "openhab",
"openhab.port": 8080,
"openhab.username": "Admin",
"openhab.password": "iwonttellyoumypassword"
I’m looking forward to the day when you will be able to use tokens for authentication – it feels kind of unsafe to store my password in plain text, especially because I have turned on settings sync via the Microsoft cloud … 
2 Likes
Yeah maybe we could solve that if we reload the window on puprose after a config change.
Maybe we can subscribe to a config change via api and then reload settings.
But cleanest way would probably be to reload the window and activate the extension from scratch.
Anyway huge thanks for bringing it to github directly. 
1 Like
If you create an API token specifically for VS code (that’s the point of these tokens, you dedicate them to specific services so you don’t have to share your master password around), you should be able to use it as your username if you leave the password blank.
2 Likes
Yeah maybe we could solve that if we reload the window on puprose after a config change.
Nah, rather not, there are too many other extensions that do not properly resume after the window has been reloaded. I think the cleanest solution would just be to reload the settings every time manually – how expensive can this be today? However, probably we should move this discussion to GitHub. 
1 Like
Ah, thanks a lot! I very recently found out something similar, see this post:
(However, I don’t understand why you have to specify the access token as user but not as password! I think the common solution is to enter it as password instead. Is OH really following the (in)official standards here?)
Simple answer. The extension currently is capable of handling basic auth and the extension code omits the :password when you just enter a username.
That’s why it has to be in the password field (currently).
Th “latest” vscode extension release is from January so don’t expect too much openHAB 3 adaptions currently.
Good question, some software doesn’t allow empty user names and the token identified the user so I made it the “username” - but on the other hand some other software will log the password in plain text so you can inadvertently leak it. Maybe both options should work…
Yes, I also think both ways should be supported 
Many clients will treat the password as a more sensible data than the username.
ADMIN : NO advertising here !!!
Hello everyone ive just merged to an openhabian pi from my previous widows setup.
I was really struggeling with getting Visualcode to connect. (authentication failure)
AT LAST i changed my OH admin username (users.json) that had an emailadress with an @ to simple “admin”. I dont think OH/visualcode appriciates @ in the username
http://MYUSER:MYPSWD@192.168.31.2:8080/rest/things also trow an authentication fail with my email as username (webui worked fine)
Sucsess!
That’s not OH or vscode, it is the url format that uses @ as a delimiter to separate userinfo from the host. So every (correct working) application thinks " ah yes that’s the end of the user-data. here come the host".
Thank you for the reply
Maybe code first setup of username and passord not to allow @
Just wanna give a heads up if anyone else do this mistake migrating to OH3
Are you sure?
Yes, the username inside an URL must not contain an @.
But I would have expected this to work:
"openhab.username": "admin@example.com",
Absoulutly shure, i tested everything else before the AHA moment that the @ was the culprit
At some point we are doing a http request to the rest api (liek for updating the items/things explorer or hovering over an item) in the extension and then it will become part of an url.
I think that’s where thing will get messed up.
Just as a side node:
The usage of @ should probably be fine anyway as a user name. Can’t say something final about this.
There is still the alternative to use a generated token as username in the extension.
That would be prefered option in my view.
It is just a culprit when it come to basic auth without token, which will then lead to the uri problems.
So i would like to avoid checking for an @ if it is finei n some cases.
1 Like
Hi
I have a similar problem:
OH3 on Linux, behind a reverse proxy (nginx) and VSCode with openHab extension (Windows).
At VSCode with openHab extension a openhab.username and openhab.password for nginx authentication is specified.
So it is not possible, to specify openHab3 basic authentication here.
The result is: items can be read via rest api, but reading things (knx) fails with authentication error.
Before upgrading to openHab3 it was working.
Is there a possibility to configure nginx to do openHab autentication (e.g. via API token), but only for the user specified in VSCode?
Are there other possibilities?
Any hint is welcome!
Thank you.