[Feature] Support basic auth in server endpoint URL #3204

jeverling · 2023-07-11T01:07:03Z

jeverling
Jul 11, 2023

The feature

I run all services behind a reverse proxy that adds SSL and basic auth, using https://github.com/SteveLTN/https-portal
This way I have to worry much less about security issues, compared to when services are directly exposed.

Providing basic auth credentials using https://username:password@my.immich.tld/api doesn't seem to work, there is a popup visible for a short moment with a 401 error. Without basic auth the connection works fine (via https through the reverse proxy).

I do not want to provide the immich user credentials within the URL, but additional basic auth credentials to prevent any unauthenticated access to the API endpoint.

Platform

Server
Web
Mobile

kocane · 2023-11-14T21:49:49Z

kocane
Nov 14, 2023

I agree. Would be nice. Basic auth is a simple extra security layer.

0 replies

dekiesel · 2023-11-20T15:47:56Z

dekiesel
Nov 20, 2023

This would be great to have!

0 replies

YosenFree · 2023-12-18T08:58:28Z

YosenFree
Dec 18, 2023

I have the same need, it would be great if the author could add it

0 replies

jpg0 · 2024-01-22T05:36:34Z

jpg0
Jan 22, 2024

I'd like this too. I'll have a go at adding it to the mobile apps.

#6617

0 replies

nephre · 2024-12-17T18:36:49Z

nephre
Dec 17, 2024

+1 for this feature, I have the same setup

0 replies

JacobBrownAustin · 2024-12-18T18:19:40Z

JacobBrownAustin
Dec 18, 2024

@nephre , this was added in #6840 .
Have you tried it?

4 replies

nephre Dec 19, 2024

Is there any documentation how to use it? I have user:password defined in htpasswd, how does it map to x-immich-user-token? android app does not accept https://user:app@my.immich.app/api URL when connecting.

nephre Jan 7, 2025

Problems seem to be in # and $ characters that I have in my http password. When I type them raw, I get error from immich app that server URL is invalid. When I type my password urlencoded (with %23 in place of "#" character and %24 in place of "$"), I get invalid password message in server logs.
Is mobile app transforming http password somehow before sending it to server?

bebehei Jan 11, 2025

In case you have special chars in your password you usually must urlencode them. Then basic auth should work. However change the password to match your entropy with longer strings, but smaller alphabet (like only [a-zA-Z0-9]).

bebehei Jan 11, 2025

Well you've already done this. Sorry for the noise.

bo0tzz · 2025-01-11T12:24:10Z

bo0tzz
Jan 11, 2025
Maintainer

Any problems with this are now tracked in #15230

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Feature] Support basic auth in server endpoint URL #3204

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 7 comments 4 replies

{{title}}

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

[Feature] Support basic auth in server endpoint URL #3204

The feature

Platform

Replies: 7 comments · 4 replies

bo0tzz Jan 11, 2025 Maintainer

Replies: 7 comments 4 replies

bo0tzz
Jan 11, 2025
Maintainer