Enable Authentication

I’m using the TigerGraph Enterprise Eval version:

The docs say to enable authentication - change the password for the user tigergraph. (There are 2 tigergraph users, server and gsql - I assume it refers to the gsql user). OK, I did this. However when I test for the authentication mode like this:
image

if a token was required (which it should be now) I would get an error message instead.

Note: I was able to generate a secret from the command line. I don’t know if this means anything.

Can someone please set me straight on this?

Thank you.

Hi George,

Changing the password of the tigergraph user (to something other than “tigergraph”) is only one of the two things you need to do to enable authentication. As a second step, the REST++ API needs to be secured, too. Was it done in your system?

Once it’s done, you can generate the secret (in GSQL) and then request tokens using that secret.

Probably not. What are the steps to secure it. I don’t recall seeing that in the docs.

Thank you

Here are the steps:

gadmin --configure RESTPP.Authentication
gadmin config-apply
gadmin restart restpp nginx vis -y

You can find more info on this here.

1 Like

OK, it looks like enabling authentication worked using those commands. Now:
http://MyURL:9000/echo

will fail because it’s now expecting a token which was not provided - where are before it would succeed.

I fetch a token, and using that token I add it to the header:

defaultHeaders.Add("Authorization", "Bearer " + _apiToken);

but it says the token is invalid:

“message”:"Access Denied because the input token = ‘5ao8dggsb0d96m9k5qmp91d727v1lcgm’ is invalid.

This all works on the free cloud account but not on our server using the Enterprise edition. Am I still missing a configuration?

As far as I know, you have multiple graphs. Make sure that the token you are using is from the appropriate graph. Or did you request it within the same session where you want to use it (i.e. by the same app)?

Yes, its for the correct graph, but also, it fails for calling echo which does not use a graph.

I got the same error: “message”:"Access Denied because the input token = ‘...’ is invalid.
My mistake was using the secret instead of using the /requesttoken?secret=...&lifetime=1000000 to get a token, and then using the token in the request.