Auto-generate API key for remote users

kkech · November 5, 2019, 10:22am

Hi,

I have a reverse proxy and I enabled remote users in Galaxy. I found in the documentation that users passwords are autogenerated randomly.

I am trying to get the API key with an GET Request to /api/authenticate/baseauth. The problem is I do not know the password.

Is there a solution for this issue?

tkarabatsis · November 28, 2019, 8:46am

Hello, are there any news on this?

innovate-invent · December 4, 2019, 7:58pm

Hi, I recently went down that rabbit hole. Long story short, you can’t.
Remote users are a relatively undeveloped feature and there is no remote user auth module that allows api access. The only way I could get it to work was to make a request to Galaxies front end (I think I was hitting ‘/user’) to have Galaxy issue a session cookie. Passing that session cookie to the API allowed access.

Why are you using remote auth? I worked out a much better way that you might also be able to use.

tkarabatsis · December 5, 2019, 10:26am

@innovate-invent We are using remote auth because we have Galaxy behind a reverse proxy. We would like to be able to make api calls but also show galaxy inside an iframe in a separate page.

With your solution I guess we will not be able to show Galaxy inside an iframe with authentication. Am I right?

innovate-invent · December 5, 2019, 5:00pm

Can you give more detail on your application. Where are the credentials coming from for the remote auth?
Why do you need Galaxy behind a reverse proxy?
What part of Galaxy is being displayed in the iframe?
Where are the API calls being made from? the web client? a server side application?

kkech · December 9, 2019, 7:21am

Hi @innovate-invent,

Thank you for helping us.

We have Galaxy behind a reverse proxy. We use Apache as a reverse proxy. Reverse proxy uses basic auth in order to validate user identity. Auth credentials coming from a file.

Our Apache .conf file contains:
…
AuthType basic
AuthName Galaxy-Protected
AuthBasicProvider file
AuthUserFile /etc/apache2/htpasswd
…

All the galaxy UI is behind this reverse proxy. The API is accessible through Apache. The code for the API call is the following:
ProxyPass /api uwsgi://127.0.0.1:4001/api

I am trying to get the API key with an GET Request to /api/authenticate/baseauth. The problem is I do not know the password for the user(remote users auto-generate passwords).

innovate-invent · December 9, 2019, 4:42pm

Sorry, I meant more can you walk me through the application flow.

So a (external?) user authenticates against a webpage? using baseauth. The javascript? also makes galaxy api calls to fetch some of its content? that is specific to each user. The website also uses an iframe to directly use galaxy to render something?

Given the htpasswd file, are these users manually added?

Basically the solution is to not use remote auth. I can be more specific on how to do that with a better idea of your application flow.