Authentication

caution

The Ash Console is currently in alpha and not production-ready. It is under active development and subject to breaking changes.

Before interacting with the Ash Console, you need to authenticate yourself. The authentication flow depends on the tool you are using (Ash Console Web UI, Ash CLI, Ash Console API).

info

During the Console alpha, user accounts are created by the Ash team. If you want to get access to the Console alpha, please contact us!

• Register in advance
• Book a call
• DM us on Twitter
• Join our Discord

Authenticate using the Ash CLI

To authenticate, run:

Command

ash console auth login

The CLI will prompt you an URL and a code to enter in the browser:

Prompt

Logging in to the Ash Console at https://api.console.ash.center
Please open the following URL in your browser:
https://auth.console.ash.center/realms/jeeo/device
and enter the code: CGAX-GSVT

Once you have provided the code and authenticated yourself, the CLI will display the following message:

Login successful! The credentials have been stored in your device keyring.

note

The Console session lasts at most 24 hours (and 10 hours in case of inactivity). After that, you will need to login again. When trying to use the Console after the session has expired, you will get the following error:

Console OAuth2 error: failed to request OAuth2 token: Server returned error response

Authenticate using the Ash Console API

To get an access token and a refresh token for the Ash Console API, you need to use the OpenID Connect protocol:

curl -X POST -d "client_id=cf83e1357eefb8bd" \
  -d "username=alice" \
  -d "password=password4alice" \
  -d "grant_type=password" \
  "https://auth.console.ash.center/realms/jeeo/protocol/openid-connect/token" | jq

The access_token has to be used in the Authorization header of Ash Console API requests:

curl "..." \
  -H "Authorization: Bearer ${access_token}"

You can use the refresh_token to get a new access_token when the current one has expired:

curl -X POST -d "client_id=cf83e1357eefb8bd" \
  -d "refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3NGY4MzgyYi00NTVkLTQ1Y2QtODA3NS05YmZkM2Q4ZjZlYWEifQ.eyJleHAiOjE2OTgyMDQ2NTIsImlhdCI6MTY5ODE2ODY1MiwianRpIjoiMmQ1MTA1YzgtNWRkNy00OWFjLThlZmItOTY4ZjlkNjBjYTY4IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDkwL3JlYWxtcy9qZWVvIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo4MDkwL3JlYWxtcy9qZWVvIiwic3ViIjoiMjg3MDkwZWUtN2ZhZS00YmQ3LTkyNjMtZDY5MDk1OWVkYzI2IiwidHlwIjoiUmVmcmVzaCIsImF6cCI6ImNmODNlMTM1N2VlZmI4YmQiLCJzZXNzaW9uX3N0YXRlIjoiMWY1Yjk3MmMtMWZlMC00MjU0LTlmMTctNjNkZmM1YTZkYTViIiwic2NvcGUiOiJlbWFpbCBwcm9maWxlIiwic2lkIjoiMWY1Yjk3MmMtMWZlMC00MjU0LTlmMTctNjNkZmM1YTZkYTViIn0.lKbwKZwqMLqk-K6T_iLwT-b3zw80Q1cOSuAgy0wEt2w" \
  -d "grant_type=refresh_token" \
  "https://auth.console.ash.center/realms/jeeo/protocol/openid-connect/token" | jq

note

An access token expire after 5 minutes and a refresh token after at most 24 hours (and 10 hours in case of inactivity). After that, you will need to authenticate again. When trying to use the Console API after the access token has expired, you will get the following response:

{
  "detail": "Provided token is not valid",
  "status": 401,
  "title": "Unauthorized",
  "type": "about:blank"
}

tip

An access token can also be obtain from the Ash CLI with the auth show-token command:

Command

ash console auth show-token

Output

Showing access token for the Ash Console at https://api.console.ash.center
Access token (valid):
eyJ...WcA

If the access token is marked as expired, you can use the auth refresh-token command to get a new one:

Command

ash console auth refresh-token

Output

Refreshing access token for the Ash Console at https://api.console.ash.center

Access token refreshed successfully!

tip

If you plan to use the API directly, run:

Command

ash console auth refresh-token
export access_token=$(ash console auth show-token | grep -)