🐛 Bug: Unauthorized access when using API token in n8n node

[samjaninf]

Please confirm if bug report does NOT exists already ?

• I confirm there is no existing issue for this

Steps to reproduce ?

Using n8n, set the NocoDB node to the v0.200.0 Onwards and set up a NocoDB API Token credential.

Then try to connect to an updated nocodb instance.

Desired Behavior

I should be able to list Tables and CRUD on any Bases/Projects in the NocoDB instance.

I am aware a few other bugs existed with similar issues but this problem still exists for me.

#5713
#6328

When I use the API Token credential it allows me to read the Base/Projects, but not the Tables, and I get Unauthorized Access when I try to run the node. Same exact issue as with #6328 .

It works with the User Auth Token but I can't get the NC_JWT_EXPIRES_IN environment variable to work properly either, It seems to still expire in 10 hours but doesn't create a new one if this envar is set. So it just gets stuck in limbo.

Project Details

Node: **v18.17.1**
Arch: **x64**
Platform: **linux**
Docker: **true**
RootDB: **pg**
PackageVersion: **0.202.8**

Attachments

No response

[mertmit]

Hey @samjaninf, thank you for reporting, this should be fixed by #7083
You can wait for next release or try our PR build immediately docker run -d -p 8888:8080 nocodb/nocodb-timely:0.202.8-pr-7083-20231124-1008
Let me know if you give it a try 🙌

[VictorDelCampo]

@mertmit
After updating from 0.111.4 to the latest version 0.202.9 we realised that the API token access is not working anymore. We get on every table access a HTTP 403 with the response:

{
    "msg": "Unauthorized access"
}

We tested the access with a JWT token and it work.s Even created a new API token but same 403 result.

Is this issue really solved?

[mertmit]

Hi @VictorDelCampo,
Which API are you trying to access?

[VictorDelCampo]

We are trying to access the API of our internal nocodb instance. Both v1 and v2 do not accept the API token

[mertmit]

I mean is it for all endpoints, because right now I am confirming with data endpoints and it is working.
If you have an example failing endpoint that would be great

[VictorDelCampo]

Oh sorry!

• /api/v1/db/data/v1/XXXX
• /api/v2/tables/md_06l2wnshobrh6o/records

[mertmit]

For example:

curl --location 'http://localhost:8080/api/v2/tables/mz9sq4oplihwnbg/records' \
--header 'xc-token: C5cd_YzQFVzCCzNii_KcSe_eXuKIlA2NXGShxPK0' \

this example request works on my local tests for v0.202.9
can you try replacing your token and table id, or can you see is there something different?

[VictorDelCampo]

I created a new API token and tried our any other table and same problem.
JWT token is working properly.

This is our project info:
Node: v18.17.1
Arch: x64
Platform: linux
Docker: true
RootDB: pg
PackageVersion: 0.202.9

[mertmit]

if you are trying with n8n can you confirm you are selecting API Token for credentials and not User Token

[VictorDelCampo]

We are creating it through nocodb:

[mertmit]

I would like to confirm you are providing header as xc-token not xc-auth as xc-auth only works with user token whereas xc-token works with API Token.

[VictorDelCampo]

Yes we are using xc-token for the header, when using the API key

[mertmit]

Can you confirm what is the role of the user that token belongs to? (Org Role and Base Role)

[mertmit]

@VictorDelCampo thank you for reporting this, I've find a typo which leads to this, created a fix PR.
This should fix your issue. PR Build will be available soon (actions takes 25~mins), I will ping it here, it would be great help if you can confirm on your side.

[VictorDelCampo]

Awesome finding. Thanks for the quick support. I will confirm on my side once the bug fix is done and you ping here

[mertmit]

Here is the PR build: docker run -d -p 8888:8080 nocodb/nocodb-timely:0.202.9-pr-7213-20231212-1405

[VictorDelCampo]

Are you planning on creating a new release with the bug fix? I guess other users are also affected and would need the bug fix

[Petrogrado1917]

You guess right. I'm also affected and blocked. Please, guys, bug this fix. Thanks in advance

[mertmit]

@Petrogrado1917 our latest bugfix release should work for you, are you still having problem https://github.com/nocodb/nocodb/releases/tag/0.202.10

[Petrogrado1917]

I didn't test it yet. I Will do it as soon as possible. Thanks a lot. Enviado desde Yahoo Mail con Android El jue, dic 14, 2023 a 14:17, ***@***.***> escribió: @Petrogrado1917 our latest bugfix release should work for you, are you still having problem https://github.com/nocodb/nocodb/releases/tag/0.202.10 — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: ***@***.***>

[Petrogrado1917]

It works ¡¡¡ El jue, 14 dic 2023 a las 17:34, ***@***.*** (< ***@***.***>) escribió:

…

I didn't test it yet. I Will do it as soon as possible. Thanks a lot. Enviado desde Yahoo Mail con Android <https://mail.onelink.me/107872968?pid=nativeplacement&c=Global_Acquisition_YMktg_315_Internal_EmailSignature&af_sub1=Acquisition&af_sub2=Global_YMktg&af_sub3=&af_sub4=100000604&af_sub5=EmailSignature__Static_> El jue, dic 14, 2023 a 14:17, mertmit ***@***.***> escribió: @Petrogrado1917 <https://github.com/Petrogrado1917> our latest bugfix release should work for you, are you still having problem https://github.com/nocodb/nocodb/releases/tag/0.202.10 — Reply to this email directly, view it on GitHub <#7084 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A3W7PLBHBAHFJSYWMSV6AW3YJL353AVCNFSM6AAAAAA7Y5RONOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNJVHAZTKNJSHE> . You are receiving this because you were mentioned.Message ID: ***@***.***>