API always says unauthorized

I’m encountering this issue: authorization works, I get a token.
But then even simple (non-public) GET requests with that token get me an Unauthorized error and in the Logs I see “Error decoding JWT”, but when pasted the token into a decoder It seems valid.

Using Version 1.30.5 as docker container, most recent version as I checked just now, no firewalls/proxies or anything funny, I request directly from the host of the container. Using the API key of the org I try to get the details of.

code snippet of my ruby script, maybe someone sees imediately what’s the issue:

token_res = HTTParty.post( ', 
   headers: { 'Content-Type' => 'application/x-www-form-urlencoded'},
   body: '<scope, client_id,...>' )
vw_token = token_res.parsed_response["access_token"] # printing this token, it seems to be fine.

details = HTTParty.get( '<org-id>/collections/details', 
   headers: { 'Authorization' => "Bearer #{vw_token}" } )
puts details

The token has a limited valid duration. So if it takes to long the token will be invalid.

Also, not sure if you use the exact same instance and same rsa keys. Also, sometimes partially JWT’s can be decoded.

yeah I know of the time limit, but I guess the 3600 is in seconds, so that would give me an hour and I send the get in the same second I get the token itself…

Also not all endpoints are accessible by using all credential type’s. Vaultwarden doesn’t support the public API for example. And only allows the organisation API token for the directory connector. Not for accessing all other endpoints.

If you use a personal API token it will probably work.

I’m aware the APIs aren’t the same, that’s why I looked int he vaultwarden repo itself to find the endpoints…good thing they are commented there, w/o knowledge of rust I wouldn’t have fount them outherwise I think :smiley:

kk, I will try on Friday whether a token received with user credentials works and will update on my findings.

I tried the directory connector, but simply gave up on it and wanted to write my own script. (it worked for like two days, then with no changes suddenly logs me out without throwing errors when I start the sync, test works fine, even using a backup from the first day doesn’t help)

The API is based upon the Bitwarden Client API.
Our documentation is as good as there’s haha.

ok it does work when using username+password instead of the api credentials…
is there any plan on making endpoints of an organization available to organization API access?

I’m not sure how this currently is with Bitwarden it self. If they support this already, then we might need to add this. Else someone just needs to create the public API endpoints available for Vaultwarden. Which currently isn’t high on my todo list at least.