github-starred/vikunja
2
0
Fork 0
mirror of https://github.com/go-vikunja/vikunja.git synced 2026-05-06 03:27:53 -05:00
Code Issues 690 Packages Projects Releases 11 Wiki Activity

[GH-ISSUE #105] Vikunja API Token wasn't working for get tasks api/v1/projects/1/tasks #5973

New Issue
Closed
opened 2026-04-20 16:26:45 -05:00 by GiteaMirror · 14 comments
GiteaMirror commented 2026-04-20 16:26:45 -05:00
Owner
Copy Link

Originally created by @ubeyou on GitHub (Jan 3, 2024).
Original GitHub issue: https://github.com/go-vikunja/vikunja/issues/105

Description

I have an api token with tasks read all enabled.

image

when i use api token, api/v1/projects/1/tasks it doesn't works. shows
{
"message": "missing, malformed, expired or otherwise invalid token provided"
}

api token works for get projects.

if i login and uses bearer token from inspect, api/v1/projects/1/tasks loads fine.

discovered this when setting up n8n. #https://github.com/go-vikunja/n8n-vikunja-nodes/issues/1

Vikunja Frontend Version

0.22.0

Vikunja API Version

0.22.0

Browser and version

Chrome

Can you reproduce the bug on the Vikunja demo site?

No

Screenshots

No response

Originally created by @ubeyou on GitHub (Jan 3, 2024). Original GitHub issue: https://github.com/go-vikunja/vikunja/issues/105 ### Description I have an api token with tasks read all enabled. ![image](https://github.com/go-vikunja/api/assets/935938/84d652fe-73ad-4d28-865d-7aa26ae7d146) when i use api token, api/v1/projects/1/tasks it doesn't works. shows { "message": "missing, malformed, expired or otherwise invalid token provided" } api token works for get projects. if i login and uses bearer token from inspect, api/v1/projects/1/tasks loads fine. discovered this when setting up n8n. #https://github.com/go-vikunja/n8n-vikunja-nodes/issues/1 ### Vikunja Frontend Version 0.22.0 ### Vikunja API Version 0.22.0 ### Browser and version Chrome ### Can you reproduce the bug on the Vikunja demo site? No ### Screenshots _No response_
GiteaMirror added the bug label 2026-04-20 16:26:45 -05:00
GiteaMirror commented 2026-04-20 16:26:47 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Jan 3, 2024):

Do the other endpoints work?

<!-- gh-comment-id:1875522315 --> @kolaente commented on GitHub (Jan 3, 2024): Do the other endpoints work?
GiteaMirror commented 2026-04-20 16:26:47 -05:00
Author
Owner
Copy Link

@ubeyou commented on GitHub (Jan 3, 2024):

tested endpoint such as get projects, it works. just tasks by project id not working.

<!-- gh-comment-id:1875737066 --> @ubeyou commented on GitHub (Jan 3, 2024): tested endpoint such as get projects, it works. just tasks by project id not working.
GiteaMirror commented 2026-04-20 16:26:48 -05:00
Author
Owner
Copy Link

@ubeyou commented on GitHub (Jan 4, 2024):

based on my quick testing, endpoint start with /projects , /routes , /teams all will return invalid token

/labels, /tasks, /info, /filters working fine

<!-- gh-comment-id:1876150348 --> @ubeyou commented on GitHub (Jan 4, 2024): based on my quick testing, endpoint start with /projects , /routes , /teams all will return invalid token /labels, /tasks, /info, /filters working fine
GiteaMirror commented 2026-04-20 16:26:49 -05:00
Author
Owner
Copy Link

@ubeyou commented on GitHub (Jan 4, 2024):

here is the api token permission returned by the api/v1/tokens when using login, can't access this with api token too

[
  {
    "id": 4,
    "title": "test2",
    "permissions": {
      "filters": [
        "create",
        "read_one",
        "update",
        "delete"
      ],
      "labels": [
        "create",
        "read_one",
        "read_all",
        "update",
        "delete"
      ],
      "notifications": [
        "read_all",
        "update"
      ],
      "projects": [
        "create",
        "read_one",
        "read_all",
        "update",
        "delete"
      ],
      "projects_buckets": [
        "create",
        "read_all",
        "update",
        "delete"
      ],
      "tasks": [
        "create",
        "read_one",
        "read_all",
        "update",
        "delete"
      ],
      "tasks_assignees": [
        "create",
        "read_all",
        "delete"
      ],
      "tasks_attachments": [
        "read_all",
        "delete"
      ],
      "tasks_comments": [
        "create",
        "read_one",
        "read_all",
        "update",
        "delete"
      ],
      "tasks_labels": [
        "create",
        "read_all",
        "delete"
      ],
      "tasks_relations": [
        "create",
        "delete"
      ]
    },
    "expires_at": "2024-04-02T01:31:59Z",
    "created": "2024-01-03T01:31:59Z"
  }
]
<!-- gh-comment-id:1876154253 --> @ubeyou commented on GitHub (Jan 4, 2024): here is the api token permission returned by the api/v1/tokens when using login, can't access this with api token too ``` [ { "id": 4, "title": "test2", "permissions": { "filters": [ "create", "read_one", "update", "delete" ], "labels": [ "create", "read_one", "read_all", "update", "delete" ], "notifications": [ "read_all", "update" ], "projects": [ "create", "read_one", "read_all", "update", "delete" ], "projects_buckets": [ "create", "read_all", "update", "delete" ], "tasks": [ "create", "read_one", "read_all", "update", "delete" ], "tasks_assignees": [ "create", "read_all", "delete" ], "tasks_attachments": [ "read_all", "delete" ], "tasks_comments": [ "create", "read_one", "read_all", "update", "delete" ], "tasks_labels": [ "create", "read_all", "delete" ], "tasks_relations": [ "create", "delete" ] }, "expires_at": "2024-04-02T01:31:59Z", "created": "2024-01-03T01:31:59Z" } ] ```
GiteaMirror commented 2026-04-20 16:26:49 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Jan 4, 2024):

here is the api token permission returned by the api/v1/tokens when using login, can't access this with api token too

That endpoint only lists which permissions are available in general. It will not work with any api token, only user logins.

<!-- gh-comment-id:1876982723 --> @kolaente commented on GitHub (Jan 4, 2024): > here is the api token permission returned by the api/v1/tokens when using login, can't access this with api token too That endpoint only lists which permissions are available in general. It will not work with any api token, only user logins.
GiteaMirror commented 2026-04-20 16:26:50 -05:00
Author
Owner
Copy Link

@FuadAbdullah commented on GitHub (Jan 4, 2024):

Hi there, I would like to add to the discussion. I used Postman to see for myself the error message in case it provided further details as to what caused the 401 unauthorized error. Below are my findings:

URL and authorization header (URL and token obfuscated for security reasons)
image

Response body
image

API token scope
image

n8n Vikunja Get Many Tasks node error stack:

NodeApiError: Request failed with status code 401
    at RoutingNode.runNode (/usr/local/lib/node_modules/n8n/node_modules/n8n-workflow/dist/RoutingNode.js:117:23)
    at processTicksAndRejections (node:internal/process/task_queues:95:5)
    at Workflow.runNode (/usr/local/lib/node_modules/n8n/node_modules/n8n-workflow/dist/Workflow.js:733:23)
    at /usr/local/lib/node_modules/n8n/node_modules/n8n-core/dist/WorkflowExecute.js:656:53

Vikunja API server logs via Dozzle
image

I also deployed Vikunja frontend and API servers as docker containers (with VIKUNJA_LOG_LEVEL: DEBUG environment variable set) and faced this issue while trying to set up a workflow using n8n and Telegram bot. I hope this information helps!

<!-- gh-comment-id:1877106849 --> @FuadAbdullah commented on GitHub (Jan 4, 2024): Hi there, I would like to add to the discussion. I used Postman to see for myself the error message in case it provided further details as to what caused the 401 unauthorized error. Below are my findings: URL and authorization header (URL and token obfuscated for security reasons) ![image](https://github.com/go-vikunja/api/assets/67743055/fca5aa42-d54e-4a76-9dda-a7b66cc51c45) Response body ![image](https://github.com/go-vikunja/api/assets/67743055/fc1b8465-95f8-4a22-abaf-64eb48768286) API token scope ![image](https://github.com/go-vikunja/api/assets/67743055/7fdbe61d-5a5e-49ff-ad55-f0eb8ec823ec) n8n Vikunja Get Many Tasks node error stack: ``` NodeApiError: Request failed with status code 401 at RoutingNode.runNode (/usr/local/lib/node_modules/n8n/node_modules/n8n-workflow/dist/RoutingNode.js:117:23) at processTicksAndRejections (node:internal/process/task_queues:95:5) at Workflow.runNode (/usr/local/lib/node_modules/n8n/node_modules/n8n-workflow/dist/Workflow.js:733:23) at /usr/local/lib/node_modules/n8n/node_modules/n8n-core/dist/WorkflowExecute.js:656:53 ``` Vikunja API server logs via Dozzle ![image](https://github.com/go-vikunja/api/assets/67743055/5840c1a3-b3a5-41de-8ce2-c7563d285aef) I also deployed Vikunja frontend and API servers as docker containers (with `VIKUNJA_LOG_LEVEL: DEBUG` environment variable set) and faced this issue while trying to set up a workflow using n8n and Telegram bot. I hope this information helps!
GiteaMirror commented 2026-04-20 16:26:51 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Jan 4, 2024):

This looks a lot like a bug. I'll take a look.

<!-- gh-comment-id:1877296887 --> @kolaente commented on GitHub (Jan 4, 2024): This looks a lot like a bug. I'll take a look.
GiteaMirror commented 2026-04-20 16:26:51 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Jan 14, 2024):

Fixed in 514ea71d93 - please check with the next unstable build if your problem went away.

<!-- gh-comment-id:1891074928 --> @kolaente commented on GitHub (Jan 14, 2024): Fixed in 514ea71d930d5faf3a36a4387291291ecda0ab48 - please check with the next unstable build if your problem went away.
GiteaMirror commented 2026-04-20 16:26:53 -05:00
Author
Owner
Copy Link

@requ1Re commented on GitHub (May 17, 2024):

Hi, sorry for maybe reopening this issue - but is this really fixed? I also get a lot of missing, malformed, expired or otherwise invalid token provided errors while testing the API lately. For example, getting a project background (/api/v1/projects/{id}/background) does always yield me this error, even on the try.vikunja.io instance. (API Key with full permissions). Another route which does not work is /api/v1/routes, for example.

<!-- gh-comment-id:2118438401 --> @requ1Re commented on GitHub (May 17, 2024): Hi, sorry for maybe reopening this issue - but is this really fixed? I also get a lot of `missing, malformed, expired or otherwise invalid token provided` errors while testing the API lately. For example, getting a project background (`/api/v1/projects/{id}/background`) does always yield me this error, even on the try.vikunja.io instance. (API Key with full permissions). Another route which does not work is `/api/v1/routes`, for example.
GiteaMirror commented 2026-04-20 16:26:54 -05:00
Author
Owner
Copy Link

@FuadAbdullah commented on GitHub (May 18, 2024):

Hey there, I can confirm those routes are not working after testing them myself. I tried /api/v1/projects/{id}/background with DELETE method and that doesn't work, even with full permission key too. I think there are more code 401 routes that is in need of testing. The last bug fix did work though so that is why I did not follow up after this case was closed. However, I am unsure if these bugs require a separate issue.

image

<!-- gh-comment-id:2118542154 --> @FuadAbdullah commented on GitHub (May 18, 2024): Hey there, I can confirm those routes are not working after testing them myself. I tried `/api/v1/projects/{id}/background` with `DELETE` method and that doesn't work, even with full permission key too. I think there are more code 401 routes that is in need of testing. The last bug fix did work though so that is why I did not follow up after this case was closed. However, I am unsure if these bugs require a separate issue. ![image](https://github.com/go-vikunja/vikunja/assets/67743055/3a52d70a-afb1-4b3b-852c-12641f99eca4)
GiteaMirror commented 2026-04-20 16:26:55 -05:00
Author
Owner
Copy Link

@requ1Re commented on GitHub (May 18, 2024):

Hey there, I can confirm those routes are not working after testing them myself. I tried /api/v1/projects/{id}/background with DELETE method and that doesn't work, even with full permission key too. I think there are more code 401 routes that is in need of testing. The last bug fix did work though so that is why I did not follow up after this case was closed. However, I am unsure if these bugs require a separate issue.

image

Thanks for confirming. I will create another issue.

<!-- gh-comment-id:2118766933 --> @requ1Re commented on GitHub (May 18, 2024): > Hey there, I can confirm those routes are not working after testing them myself. I tried `/api/v1/projects/{id}/background` with `DELETE` method and that doesn't work, even with full permission key too. I think there are more code 401 routes that is in need of testing. The last bug fix did work though so that is why I did not follow up after this case was closed. However, I am unsure if these bugs require a separate issue. > > ![image](https://private-user-images.githubusercontent.com/67743055/331755788-3a52d70a-afb1-4b3b-852c-12641f99eca4.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTYwMjg0NTQsIm5iZiI6MTcxNjAyODE1NCwicGF0aCI6Ii82Nzc0MzA1NS8zMzE3NTU3ODgtM2E1MmQ3MGEtYWZiMS00YjNiLTg1MmMtMTI2NDFmOTllY2E0LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA1MTglMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNTE4VDEwMjkxNFomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPWZlY2M4MjAyMjBmMzk3ZmE2NTVkMTk5ZDZhMDkxMTBiYjdjNzRkM2Y5ODI1NTBlYjMxNzIyNWZkNWVmMmNhYjQmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.AFufFJ1oA6Exyr65yBUA4ZVDEUKRkc9ttTCf85Bj9iA) Thanks for confirming. I will create another issue.
GiteaMirror commented 2026-04-20 16:26:55 -05:00
Author
Owner
Copy Link

@ThreadsofDaemonS commented on GitHub (Aug 28, 2024):

Hi i have code like this:

import httpx
import asyncio
BASE_URL = "https://try.vikunja.io/api/v1"

API_TOKEN = "mytoken"

async def fetch_tasks():
url = f"{BASE_URL}/tasks"
async with httpx.AsyncClient() as client:
response = await client.get(url, headers={"Authorization": f"Bearer {API_TOKEN}"})
response.raise_for_status()
return response.json()

async def main():
tasks = await fetch_tasks()
print("Tasks:", tasks)

if name == "main":
asyncio.run(main())`

And i recieved error 401 how i can solve it?

<!-- gh-comment-id:2314890260 --> @ThreadsofDaemonS commented on GitHub (Aug 28, 2024): Hi i have code like this: import httpx import asyncio BASE_URL = "https://try.vikunja.io/api/v1" API_TOKEN = "mytoken" async def fetch_tasks(): url = f"{BASE_URL}/tasks" async with httpx.AsyncClient() as client: response = await client.get(url, headers={"Authorization": f"Bearer {API_TOKEN}"}) response.raise_for_status() return response.json() async def main(): tasks = await fetch_tasks() print("Tasks:", tasks) if __name__ == "__main__": asyncio.run(main())` And i recieved error 401 how i can solve it?
GiteaMirror commented 2026-04-20 16:26:56 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Aug 29, 2024):

@ThreadsofDaemonS The route you're looking for is /api/v1/tasks/all (notice the all at the end)

<!-- gh-comment-id:2316924955 --> @kolaente commented on GitHub (Aug 29, 2024): @ThreadsofDaemonS The route you're looking for is `/api/v1/tasks/all` (notice the `all` at the end)
GiteaMirror commented 2026-04-20 16:26:56 -05:00
Author
Owner
Copy Link

@ThreadsofDaemonS commented on GitHub (Aug 29, 2024):

@ThreadsofDaemonS The route you're looking for is /api/v1/tasks/all (notice the all at the end)

Thanks i already find it, the problem was in instance, i was need to set working instance with port for work with it

<!-- gh-comment-id:2317362523 --> @ThreadsofDaemonS commented on GitHub (Aug 29, 2024): > @ThreadsofDaemonS The route you're looking for is `/api/v1/tasks/all` (notice the `all` at the end) Thanks i already find it, the problem was in instance, i was need to set working instance with port for work with it
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
area/api
area/attachments
area/auth
area/avatars
area/backup-restore
area/caldav
area/calendar-view
area/comments
area/config
area/database
area/desktop
area/docker
area/email
area/favorites
area/filters
area/frontend
area/gantt
area/i18n
area/import-export
area/internal-code
area/kanban
area/labels
area/list-view
area/mobile
area/notifications
area/permissions
area/projects
area/pwa
area/recurring-tasks
area/reminders
area/search
area/shortcuts
area/subtasks
area/sync
area/table-view
area/task-editor
area/task-metadata
area/task-relations
area/teams
area/theming
area/time-tracking
area/typesense
area/views
area/webhooks
bug
changes requested
concern/accessibility
concern/performance
concern/regression
concern/ux
confirmed
db/mysql
dependencies
enhancement
good first issue
help wanted
integration/inbound
integration/outbound
kind/bug
kind/feature
needs reproduction
pull-request
Mirrored from GitHub Pull Request
 question
security
support
upstream issue
waiting for reply
wontfix
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vikunja#5973
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?