This repository was archived by the owner on Oct 12, 2022. It is now read-only.

how to use authentication token from the header from login #30

Closed
manjo-git opened this issue Feb 13, 2019 · 3 comments

@manjo-git

As per the docs https://github.com/openbmc/docs/blob/master/REST-cheatsheet.md

curl returns the SID with the command below, but using the sid in follow-up commands does not work. Maybe the documentation is out of date? Or what am I doing wrong here?

$ curl -i -k -H "Content-Type: application/json" -X POST https://${bmc}/login -d "{\"data\": [ \"root\", \"0penBmc\" ] }"
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 13 Feb 2019 07:44:11 GMT
Content-Type: application/json
Content-Length: 80
Connection: keep-alive
Keep-Alive: timeout=5
Set-Cookie: sid="!jO06vHb3/3tbu1H4A+hYXA==?gAJVA3NpZHEBVSAf3Q/UklNfDh4X1j8HOjeZQfuIhSsptVmjnWtHDquoIHEChnEDLg=="; httponly; secure

{
"data": "User 'root' logged in",
"message": "200 OK",
"status": "ok"
}

$ tok='!jO06vHb3/3tbu1H4A+hYXA==?gAJVA3NpZHEBVSAf3Q/UklNfDh4X1j8HOjeZQfuIhSsptVmjnWtHDquoIHEChnEDLg=='

$ echo $tok
!jO06vHb3/3tbu1H4A+hYXA==?gAJVA3NpZHEBVSAf3Q/UklNfDh4X1j8HOjeZQfuIhSsptVmjnWtHDquoIHEChnEDLg==

$ curl -H "X-Auth-Token: $tok" -X POST https://${bmc}/xyz/openbmc_project/enumerate
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

@spinler
Contributor

spinler commented Feb 13, 2019

If you're still using phosphor-rest-server, you don't need to do any token authentication at all. The openbmc master recently moved to using bmcweb as the REST server, and that is where you'll need it.

I attempted to explain that here: https://github.com/openbmc/docs/blob/master/REST-cheatsheet.md#notes-on-authentication, but by all means I won't be offended if you would like to submit a patch to reword it.

@spinler spinler closed this as completed Feb 13, 2019
@manjo-git
Author

Sorry but I am a little confused with this BMC. This is on an IBM Witherspoon system.
root@witherspoon:# ps -ef | grep rest
1272 root 0:29 python /usr/sbin/phosphor-gevent rest_dbus --no-ssl
2106 root 0:00 grep rest
root@witherspoon:#

The version has a 2.6-prod in it; not sure if that means it's 2.6 based?
root@witherspoon:# cat /var/lib/phosphor-software-manager/pnor/ro/VERSION
IBM-witherspoon-ibm-OP9-v2.0.11-2.6-prod
op-build-v2.0.11-4-g362008d
buildroot-2018.05.1-9-gc99f2ee
skiboot-00c8ab5-pdfdccea
hostboot-3bf7fcf-pfb5d59d
occ-3a505ff
linux-4.17.12-openpower1-p23ee713
petitboot-v1.7.3-pf71644b
machine-xml-dce824c
hostboot-binaries-hw112818a.op920
capp-ucode-p9-dd2-v4
sbe-7aa21f6
hcode-hw112818a.op920
root@witherspoon:#

But many of the authentication mechanisms don't seem to be working for me, unless I am using them the wrong way. Following the documentation, here is what I see.

-- What works --
$ curl -c cjar -b cjar -k -H "Content-Type: application/json" -X POST https://${bmc}/login -d "{\"data\": [ \"root\", \"0penBmc\" ] }"
{
"data": "User 'root' logged in",
"message": "200 OK",
"status": "ok"
}

$ curl -b cjar -k https://${bmc}/xyz/openbmc_project/list
{
"data": [
"/xyz/openbmc_project/time/host",
"/xyz/openbmc_project/logging/entry/180",
.....
}

-- what does not work --

  1. using url as :@host
    $ curl -k -X GET https://root:0penBmc@${bmc}/xyz/openbmc_project/list
    {
    "data": {
    "description": "Login required"
    },
    "message": "401 Unauthorized",
    "status": "error"
    }

  2. Getting the token, using a JSON dictionary with 'username' and 'password' keys:
    $ curl -k -H "Content-Type: application/json" -X POST https://${bmc}/login -d '{"username" : "root", "password" : "0penBmc"}'
    {
    "data": {
    "description": "Expecting request format { 'data': <type 'list'> }, got '{u'username': u'root', u'password': u'0penBmc'}'"
    },
    "message": "400 Bad Request",
    "status": "error"
    }

  3. using the data username/password JSON dictionary
    posted output in my original issue report.

Could you please tell me what I might be doing wrong?

@spinler
Contributor

spinler commented Feb 13, 2019

The only one that is valid for you, with a witherspoon with phosphor-rest, is the example you gave that works.
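
The cookie-jar flow that works in this thread, written as a script; this is an added example, not part of the original comments or the OpenBMC docs. The variables `bmc`, `BMC_USER` and `BMC_PASS` and all function names are assumptions; the login body is piped on stdin and the jar is created under a private umask so the password and the sid are not exposed to other local users.

```shell
#!/bin/sh
# Added example (not from the thread): cookie-jar session against phosphor-rest.
# Assumptions: caller sets bmc, BMC_USER, BMC_PASS; all function names are hypothetical.

# Escape backslashes and double quotes so a value is safe inside a JSON string.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the list-style body phosphor-rest expects: {"data": [user, password]}.
login_body() {
    printf '{"data": ["%s", "%s"]}' "$(json_escape "$1")" "$(json_escape "$2")"
}

# Print the "status" field ("ok" or "error") of a JSON reply read from stdin.
rest_status() {
    tr -d '\n' | sed -n 's/.*"status": *"\([^"]*\)".*/\1/p'
}

# Log in and store the sid cookie in jar file $1. The body goes over stdin
# (-d @-), so the password never appears in curl's argument list.
bmc_login() {
    login_body "$BMC_USER" "$BMC_PASS" |
        curl -s -k -c "$1" -H "Content-Type: application/json" \
            -X POST "https://${bmc}/login" -d @- | rest_status
}

# GET path $2 using the session cookie stored in jar $1.
bmc_get() {
    curl -s -k -b "$1" "https://${bmc}$2"
}

# Run the flow only when a BMC address is supplied.
if [ -n "${bmc:-}" ]; then
    umask 077                       # jar readable by the current user only
    jar=$(mktemp) || exit 1
    trap 'rm -f "$jar"' EXIT
    if [ "$(bmc_login "$jar")" = "ok" ]; then
        bmc_get "$jar" /xyz/openbmc_project/list
    else
        echo "login failed" >&2
    fi
fi
```

The `-k` flag is kept because the BMC in this thread presents a self-signed certificate; where the BMC certificate has been exported, curl's `--cacert` option restores verification.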
