I have a general question before I dive deeper into authentication modules.
I’m using TTRSS for quite some years now together with auth_ldap, but I would like to switch to another authentication system.
That could be either auth_remote or auth_oidc, which I would use together with LemonLDAP::NG.
My question is:
How does API access, eg. using the TTRSS android app, work together with this?
I’ve seen the “app passwords” section in Settings, so I guess, when switching to auth_remote, I can use these?
app passwords are needed because of 2fa which api has no support for. if you don’t have 2fa, you should be able to use your ldap (or whatever) user/password.
auth_remote might work, it’s http basic auth which tt-rss app should support.
I configured auth_remote to work together with LemonLDAP::NG (LLNG) and it’s working
But as LLNG is not “just” HTTP basic auth, the Android app isn’t working any longer, as all API calls get redirected to the LLNG login page.
I then configured LLNG to NOT redirect all calls to /api/, but allow access to /api/, even if not logged in to LLNG.
So I tried app passwords and configured one. But they don’t work, as I don’t use the tt-rss OTP function and I don’t have another compatible auth module enabled.
My question (or ‘feature wish’) would be: Could it be made possible to enable app passwords independantly of the OTP function?
Maybe by using a new configuration flag like “ENABLE_API_KEYS” or “ENABLE_APP_PASSWORDS”?
Hallo,
ah okay, thank you!
After enabling auth_internal, it indeed is working again.
When using TTRSS this way, I can just set the passwords of my users to some random value (via Settings > Users), right?
So that login is only possible via auth_remote or API key.