jfa-go
jfa-go copied to clipboard
hrfee
Failed to get user(s) from Jellyfin: Unauthorized, check credentials.
Read the FAQ first!
Describe the bug
I'm able to login with my Jellyfin (admin) user, but when I tried to check the accounts, I got this error. Also when I'm login with another user I can log in, but got an almost empty my account page.
To Reproduce
Login with a Jellyfin user and setup the Jellyseerr with import existing users and done.
Logs
Getting all accounts:
[GIN/DEBUG] 13:43:02: GET(/users/announce) => 200 in 342.92µs;
[ERROR] 13:43:02 api-users.go:895: Failed to get user(s) from Jellyfin: Unauthorized, check credentials.
[GIN/DEBUG] 13:43:02: GET(/users) => 500 in 2.052397ms;
Login with an account:
[INFO] 13:47:38 Token requested (userpage login attempt)
[GIN/DEBUG] 13:47:39: GET(/my/token/login) => 200 in 532.768431ms;
[ERROR] 13:47:39 api-userpage.go:34: Failed to get user(s) from Jellyfin: Unauthorized, check credentials.
[GIN/DEBUG] 13:47:39: GET(/my/details) => 500 in 1.641545ms;
[GIN/DEBUG] 13:47:48: GET(/my/account?lang=en-gb) => 200 in 1.41425ms;
Configuration
config.ini:
[jellyfin]
username = blint
password = nonononononono
server = http://jellyfin:8096
public_server = https://jelly.example.com
client = jfa-go
cache_timeout = 30
type = jellyfin
substitute_jellyfin_strings = Epic Name for Jellyfin
...
[jellyseerr]
enabled = true
server = https://jellyseerr.example.com
api_key = token
import_existing = true
Platform/Version
Kubernetes, using docker image.
hrfee/jfa-go@sha256:7d1d05d5ccac59182747f62f49c08bb197a575e199abdd05c0c24020ec173355
I'm kinda clueless here, jfa-go won't start if it can't log in to the given account, so unless it's not actually an "Unauthorized" error, i'm not sure. Could you try logging in with the "blint" user on Jellyfin, and accessing the users list?
Could you try logging in with the "blint" user on Jellyfin, and accessing the users list?
Yes, that's my main user, and I'm using it daily, that's why I can't understand what's going on.
When tried the latest docker image, everything was fine and I could access the users list.
That's really odd, I've just done a comparison between the latest api client and the one used in 0.5.1, and they are functionally identical. I also tried the :latest and :unstable docker, both worked as expected for me. Could you try a full refresh on your browser (Ctrl-Shift-R) (I don't expect this'll do anything but why not), and maybe using another account (in the config) for jfa-go?
Hmmm, I tried from a whole different computer, with a different browser, but the problem is still there... I created a new technical user with admin privs on Jellyfin, and gave that user to jfa-go, and nothing changed...
I don't know if this is relevant, but I just spotted this in the logs:
[ERROR] 11:17:35 updater.go:571: Failed to get latest tag: Tag at "https://builds.hrfee.pw/repo/hrfee/jfa-go/tag/latest/docker-latest" was empty
here's my whole config.ini:
first_run = false
[updates]
enabled = true
channel = stable
login_appearance = opaque
jfa_url = https://accounts.example.com
[jellyfin]
username = technical
password = XXXX
server = http://jellyfin:8096
public_server = https://jelly.example.com
client = jfa-go
cache_timeout = 30
type = jellyfin
substitute_jellyfin_strings = Jellyfin
[ui]
language-form = hu-hu
language-admin = en-us
theme = Jellyfin (Dark)
host = 0.0.0.0
port = 8056
jellyfin_login = true
admin_only = true
allow_all = false
debug = true
contact_message = Need help? contact me.
help_message = Enter your details to create an account.
success_message = Your account has been created. Click below to continue to Jellyfin.
redirect_url =
auto_redirect = false
[advanced]
[activity_log]
keep_n_records = 1000
delete_after_days = 90
[user_page]
enabled = true
show_link = true
referrals = true
allow_pwr_username = true
allow_pwr_email = true
allow_pwr_contact_method = true
[password_validation]
enabled = true
min_length = 12
upper = 1
lower = 1
number = 1
special = 0
[messages]
enabled = true
use_24h = true
date_format = %d/%m/%y
message = Need help? contact me.
[email]
language = hu-hu
no_username = false
method = smtp
address = [email protected]
plaintext = false
collect = true
required = true
require_unique = false
[smtp]
username = XXXXX
encryption = starttls
server = smtp.azurecomm.net
port = 587
password = XXXX
hello_hostname = localhost
ssl_cert =
cert_validation = true
auth_type = 4
[discord]
enabled = false
show_on_reg = true
required = false
require_unique = false
token =
start_command = start
channel =
provide_invite = false
invite_channel =
apply_role =
disable_enable_role = false
language = en-us
[telegram]
enabled = true
show_on_reg = true
required = false
require_unique = false
token = XXXXXXXXXXXXX
language = hu-hu
[matrix]
enabled = false
show_on_reg = true
required = false
require_unique = false
homeserver =
token =
user_id =
topic = Jellyfin notifications
language = en-us
encryption = true
[password_resets]
enabled = true
watch_directory = /jf
link_reset = true
set_password = true
url_base = https://accounts.example.com
language = hu-hu
email_html =
email_text =
subject =
[invite_emails]
enabled = true
email_html =
email_text =
subject =
url_base = https://accounts.example.com
[template_email]
email_html =
email_text =
[notifications]
enabled = true
expiry_html =
expiry_text =
created_html =
created_text =
[jellyseerr]
enabled = true
server = https://jellyseerr.example.com
api_key = XXXXXXXXX
import_existing = true
[backups]
enabled = false
path =
every_n_minutes = 1440
keep_n_backups = 20
[welcome_email]
enabled = true
subject =
email_html =
email_text =
[email_confirmation]
enabled = true
subject =
email_html =
email_text =
[user_expiry]
behaviour = disable_user
delete_expired_after_days = 0
send_email = true
subject =
email_html =
email_text =
adjustment_subject =
adjustment_email_html =
adjustment_email_text =
[disable_enable]
subject_disabled =
subject_enabled =
disabled_html =
disabled_text =
enabled_html =
enabled_text =
[deletion]
subject =
email_html =
email_text =
[webhooks]
created =
[files]
invites =
password_resets =
emails =
users =
ombi_template =
user_profiles =
html_templates =
lang_files =
custom_emails =
custom_user_page_content =
telegram_users =
matrix_users =
matrix_sql =
discord_users =
I just backed up my db, and config.ini, and restarted everything with the latest image tag, and I can see all the accounts in Jellyfin.
When I changed back to unstable, the accounts are disappearing again... I backed up the two db, if you can think of something to look for, I could check.
If the same "Unauthorized, check credentials" error is appearing in the logs, then the database shouldn't matter, but to make sure, could you try the unstable but first remove the database? It's stored in <your /data mount>/db, just try moving it to a different directory and running again.
Could you try the unstable version that finished building a few minutes ago? It should output more detail on the error. Also, I should have asked before, but have you checked Jellyfin's logs?
using latest unstable: hrfee/jfa-go@sha256:56557ce733394eac77e25deb98ebe982cd5f035d58bb51c85a526f6fd568312c
jfa-go logs (new unstable)
get all users
[GIN/DEBUG] 14:02:41: GET(/users/announce) => 200 in 136.125µs;
[GIN/DEBUG] 14:02:41: GET(/users) => 500 in 1.468897ms;
[ERROR] 14:02:41 api-users.go:895: Failed to get user(s) from Jellyfin: 401 Unauthorized, check credentials.
get one user (My Account)
[INFO] 14:02:59 Token requested (userpage login attempt)
[GIN/DEBUG] 14:03:00: GET(/my/token/login) => 200 in 561.789724ms;
[ERROR] 14:03:00 api-userpage.go:34: Failed to get user(s) from Jellyfin: 401 Unauthorized, check credentials.
[GIN/DEBUG] 14:03:00: GET(/my/details) => 500 in 1.54029ms;
Jellyfin logs meanwhile:
[14:12:35] [DBG] [78] Jellyfin.Api.Auth.CustomAuthenticationHandler: AuthenticationScheme: CustomAuthentication was not authenticated.
[14:12:35] [DBG] [78] Jellyfin.Api.Auth.CustomAuthenticationHandler: AuthenticationScheme: CustomAuthentication was not authenticated.
[14:12:35] [INF] [78] Jellyfin.Api.Auth.CustomAuthenticationHandler: AuthenticationScheme: CustomAuthentication was challenged.
I'm still clueless, sorry. My next idea is a bit annoying for you to do, I apologise, but you can use socat to man-in-the-middle Jellyfin, so we can see exactly what jfa-go sends/receives. I managed to do it like so:
- Change the port of Jellyfin in
config.ini:[jellyfin]/[server]to 8097 (or something else) - Run
socat -v TCP-LISTEN:8097 TCP:jellyfin:8096 2> /tmp/log.txt - In another terminal, run jfa-go, open the web ui, log in and access the user page.
- Quit the socat command with
Ctrl+C. - Open
/tmp/log.txtin a text editor, and look for the line like this:GET /users HTTP/1.1\r. A few lines below there will be this:{"Password":"yourPassword","Pw":"yourPassword","Username":"blint"}. Remove/censor it so you don't leak your password. Copy and send me the ~30 lines including and below theGET /usersline. You should also censor theTokenin theX-Emby-Authorization/Authorizationheader (i've marked it below as CENSORME). There probably won't be any more sensitive information, but check just in case.
Here's an example of what I got:
GET /users HTTP/1.1\r
Host: 192.168.1.249:8097\r
User-Agent: jfa-go/git\r
Content-Length: 58\r
Accept: application/json\r
Accept-Charset: UTF-8,*\r
Accept-Encoding: gzip\r
Content-Type: application/json; charset=UTF-8\r
X-Application: jfa-go/git\r
X-Emby-Authorization: MediaBrowser Client="jfa-go", Device="jfa-go", DeviceId="jfa-go-git-f4a7238", Version="git", Token="CENSORME"\r
\r
{"Password":"CENSORME","Pw":"CENSORME","Username":"myUsername"}< 2024/08/29 16:34:00.000764787 length=238 from=3959 to=4196
HTTP/1.1 200 OK\r
Content-Type: application/json; charset=utf-8\r
Date: Thu, 29 Aug 2024 15:34:00 GMT\r
Server: Kestrel\r
Content-Encoding: gzip\r
Transfer-Encoding: chunked\r
Vary: Accept-Encoding\r
X-Response-Time-ms: 0.4647\r
\r
a\r
..\b.......\r
< 2024/08/29 16:34:00.000764926 length=1047 from=4197 to=5243
3fc\r
.W[s.:../~N...\\.\b$.tH......\aYZ.&Bb$.....w%.`......L.`........%.B6...Lpi..h z\az.P..c..a.....I...R....,........X
..0B....%....\r.}.v....'b...'......h.d.W.....kb.G..\b...%...\v..j.e4*.sb..L.uqu.N.2.\\v....(......v.$...r.cj......T.....}.......B.q..z..>V1...r+`N.. +Xh.A...34?.f..o.1\\....(....?Z.[`7J0.(....SB..&....X.%.`DJ.o...X!_sE.x..;....~ie..3vfac...(.W......'M.'.....L..U..a..\f.O..*.N....j.....-..*.lU....=P..ko..?Mz..."Z(.)..D33f.....X...3..3.J.R.s.....e...FE..Ry.K..^sz.tf.....\b%e..........X\b.T..._\r.#...v./....%].+...+.\a.*1b...e.\a4,...|.Z.....A;\v\a.2.5AjLa.i.\\...4. 's......z....{.a..Y.....Qu..&\rU\f[...7..'....V...(.k.7JS\b.Y...7....e..1Eb.yP....F.M..CD..z.B...,..6.....B......~X..QtdV(.I..dM..q.|.7.....\ai.......a<.H.....uR...\r.Rj. W.p6=.../.8g.....D..a.o..-
\\Vt...U.l"...#.&...K.\v.....u..ox.\rG.....!..j.|
+.3\b...l.5..m...\a.jZ..Z.}p.\aGu5.....s..0\b.(..].V4....%....K.D......U.]...O..8...H7M!.&4o.<Eq...Q....;..Fq....}...Z...(....^.v...6...|.....o...\f.X....c..!......Fr..}...;....#...I.2...R...p.!...........q..m..=.~......\r
Here's my socat log, I left the /Users/authenticatebyname request too, because there you can see, that I'm able to login successfully with my account (blint), but when the /users endpoint is called, the body seems to be missing to me...
POST /Users/authenticatebyname HTTP/1.1\r
Host: localhost:8097\r
User-Agent: jfa-go/git\r
Content-Length: 89\r
Accept: application/json\r
Accept-Charset: UTF-8,*\r
Accept-Encoding: gzip\r
Content-Type: application/json; charset=UTF-8\r
X-Application: jfa-go/git\r
X-Emby-Authorization: MediaBrowser Client="jfa-go", Device="auth", DeviceId="auth", Version="git"\r
\r
{"Password":"XXXXX-XXXXX-XXXXX","Pw":"XXXXX-XXXXX-XXXXX","Username":"blint"}
< 2024/08/30 06:10:15.000641004 length=240 from=0 to=239
HTTP/1.1 200 OK\r
Content-Type: application/json; charset=utf-8\r
Date: Fri, 30 Aug 2024 06:10:15 GMT\r
Server: Kestrel\r
Content-Encoding: gzip\r
Transfer-Encoding: chunked\r
Vary: Accept-Encoding\r
X-Response-Time-ms: 546.4052\r
\r
a\r
..\b.......\r
< 2024/08/30 06:10:15.000642141 length=1534 from=240 to=1773
5e3\r
.WMs.8\f./:7.R.gn..l.q.l...;{.\a.p#..QJ.....$%.v.n...b..A..G.%.l..._.....<..n..]......BS....J.i.$.I!X.D..rH.<Fo......
Bx..Y^.$...Y......n[...n..kX.5.g.+..KQ.x\bd.".*2.2).. n...-.....M...M3.Tz...~.x..........\r.5L..,.Z7..`_p.y...\\1b.'g.8cdE.sJ.i:.3..$.\v.s.S..G..~m..4...c_.i..Y.f.cEn[...F...Y...|w.......Z.....{........v.1....Y_n.5
.>.......L..E...`.......,.c..C...k.K..~.....j.0........bpP......d.pF..\v...5<.s....U.a i..M.J$ x.gU.CY.".9"\v]r..`.....)[email protected].. .%[email protected]<[email protected]...\b...\\.*.Bd.......).eL]..b..lB...yRpJ\v"I....%.P.....S.....W&T\\d.C.s...*..C$.L...b d...4.e.._ .l7.`c/.e..N..\\..Ai~l...8|..7a.H.;..F@.!..._..c...\b....n@...;k\f1C....=...!..K..+...Z..K4.S....].;.:..1....d@...{E.5o...@%...\\.......Z..:.\b_Gz.....k#.@.\f\r....y:[email protected]*%X........T_;Z.f.....1v..2.C4l...u.kM.....C.N....z..1.....<.y..8........kpX....>.0.c.%.p.......Xi...qJ_...$.....0X... ..i%..,M...E8.nW=....;..a.'.W....[(..e........5.(..#|.0.b.z.?\\..v.tDVh.I....7\r.......o..#...w.<.Z+..M;......1.....n...P..P..L..g.u.?.\a\r.\br'.~W(.m...\\"0..6..Wd....pr.........c.Bot.\r%...Z....5...0.|...U....d2.lk/...N<.&.w..8(...t\a.....f.\f. ..=r+.....6.....hm...q......H.g....2.................ue.bw..S..:|.1.{.F.......<N..Ji..^...:6.[.t.\vN.B^N1}oW..(o.~.5-.03.\ro....lGr8}.g9..:.XG.9...+......g........G\aW.!2.%`..Q.XeD....$.. ...
o.b.lq......Z.U.XU0gJK".r..+..N...d..y.cV.V.lm0./..).iV...96sv..a..gD\b.g.."...&hs.nS..!......m..t.EN{.}..,Z#!q..A N...........7......g.=.....x....c.3.......c....i...[?;.......O.+....\bG:%[email protected]\b......?..~.....\r
a\r
...I.x.\r..\r
0\r
\r
> 2024/08/30 06:10:18.000770914 length=332 from=445 to=776
GET /users HTTP/1.1\r
Host: localhost:8097\r
User-Agent: jfa-go/git\r
Accept: application/json\r
Accept-Charset: UTF-8,*\r
Accept-Encoding: gzip\r
Content-Type: application/json; charset=UTF-8\r
X-Application: jfa-go/git\r
X-Emby-Authorization: MediaBrowser Client="jfa-go", Device="jfa-go", DeviceId="jfa-go-git-f4a7238", Version="git"\r
\r
< 2024/08/30 06:10:18.000773773 length=130 from=1774 to=1903
HTTP/1.1 401 Unauthorized\r
Content-Length: 0\r
Date: Fri, 30 Aug 2024 06:10:18 GMT\r
Server: Kestrel\r
X-Response-Time-ms: 0.7508\r
\r
in the config.ini there is still the technical user...
[jellyfin]
username = technical
password = XXXX-XXXX-XXXX
server = http://localhost:8097
public_server = https://example.io
client = jfa-go
cache_timeout = 30
type = jellyfin
substitute_jellyfin_strings = Epic Name
Apologies, I've been away for the past few days, and didn't see a notification for this. You said the body appears missing for GET /users, do you mean the outgoing request body, i.e. {"Password":"XXXXX-XXXXX-XXXXX","Pw":"XXXXX-XXXXX-XXXXX","Username":"blint"}, is missing? Also, just to confirm, you removed the , Token="xxxxxxxxxx" part from the end of the X-Emby-Authorization line, and it was originally there, right?
o you mean the outgoing request body, i.e. {"Password":"XXXXX-XXXXX-XXXXX","Pw":"XXXXX-XXXXX-XXXXX","Username":"blint"}, is missing?
yapp, exactly
Also, just to confirm, you removed the , Token="xxxxxxxxxx" part from the end of the X-Emby-Authorization line, and it was originally there, right?
nope, there was no Token at all :/
That seems like the issue, the /users request is being sent without any authentication. I've just spent ages going down the rabbit hole of trying to re-assemble and parse these requests to check if an access token was actually sent by Jellyfin, but haven't had any luck. I've added manual checks for if the authenticated-ness of the client when getting users and the build should be done, could you try it (and do the same socat thing as above if it doesn't work)? Thanks and sorry again.
@hrfee thanks for still debugging with me! I just joined your discord server, if you think there we could make progress faster, we could migrate the debugging there.
I just created a new container with the latest unstable image, and run the socket, here is the result:
> 2024/09/04 18:24:07.000411074 length=621 from=0 to=620
POST /Users/authenticatebyname HTTP/1.1\r
Host: localhost:8097\r
User-Agent: jfa-go/git\r
Content-Length: 89\r
Accept: application/json\r
Accept-Charset: UTF-8,*\r
Accept-Encoding: gzip\r
Authorization: MediaBrowser Client="jfa-go", Device="auth", DeviceId="auth", Version="git", Token="FINALLY-APPEARED-SOMETHING-HERE"\r
Content-Type: application/json; charset=UTF-8\r
X-Application: jfa-go/git\r
X-Emby-Authorization: MediaBrowser Client="jfa-go", Device="auth", DeviceId="auth", Version="git", Token="FINALLY-APPEARED-SOMETHING-HERE"\r
\r
{"Password":"XXXX-XXXX-XXXX","Pw":"XXXX-XXXX-XXXX","Username":"blint"}
< 2024/09/04 18:24:08.000290799 length=1778 from=0 to=1777
HTTP/1.1 200 OK\r
Content-Type: application/json; charset=utf-8\r
Date: Wed, 04 Sep 2024 18:24:07 GMT\r
Server: Kestrel\r
Content-Encoding: gzip\r
Transfer-Encoding: chunked\r
Vary: Accept-Encoding\r
X-Response-Time-ms: 875.7095\r
\r
a\r
..\b.......\r
5e7\r
.WMs.8\f./:7.J.....$[u.4..=...(.r..D.(%.d..\v..c.i....1\b. ..#..|6.../.\ro 8..Z.}..XA.\b]!..$"....cq,.(K..."\r9.$.....QHe....<..4.1..FIN..\v.~..jx.+...5.`p..,.Q^.\f...V$.Y"..B.0.M.....<.......i..Jm...O./...:T.6....e\r...K.Qmp>.....r.{[..D....H....(>'.,Mh...\v...s..G..~m..4...c_.. .^.v3`En;...V.......|w.......;.......W}\r? p...c\\+cT...*.%.}.?:=lA^.ZB....A.........1..1.B.5..uk.(x.G.5]j...z{.>u...u.G.a.".9\r.0*9..\vx..4.C$V...\b./C.Ve\f%...."..2c"Ef.K
I\f4...... .4.s"9. .(..d,....1-...1d9..i*...{. .y.JQ..,.2\v.. ......FI+*C. d.q......\b.pJ0i..!ae....2-.....RFYB9D.w...<.0DLr&!
+
.H..<.D.`..H;..=4..Y..C.Br.........`...h...=......Qf..^.....{x0o....c{..5.X [email protected]...*.w...3.....%`\a....Wf].....T..5........N.7V\v...M..26..Z.\a.(C#..u...\r.L+...9..\fn...o+q.r.m[Y.\\..-....Xz......P\a.N...O.=t..}.....;.......3...g.W........E..o.s\f...Nb.79.MK(A..Z........Hb...k
.....b\\.N...J...Q.#...Cn\\ .....z.x...H.|.&/..........G ...*.........\b....,.. .rq....S.W.Q.7....V.[...V.=c......z..DP`.s7Z.{.t\a...z....u.?.\a\rVHr+.n./.....X!1.P...Ud... ...#.k...W....j..\r%...J.......'?.|...U....dV4....s53.@..;.V....Y.......3\f......z+Xt......V.{hM...q.m.V.j......~Y.v.....8.\f.@.
s=...U...x..T./7../..h...w|,......v..G...-......+d>/.....n;..j.nu.9,t..V....fj..o.,..[.1.6o....J....w..[..v..c.O...cd....e+o...$|.gq4#...c....8..(.fI..j.U..UF...DPi'[[._.n.....p\\......Fc._.....\bQJ.i...\\..x(..\f\b!.... 9w........f..ck.m.6.e..bO...2.Y......x%8.....\r._.=.7..............x5...c.3.b0.n..1....4.......n.<...&..~..K (#q..8.,....1$..#Y.S&...^.F...O........\r
a\r
...=...\r..\r
0\r
\r
> 2024/09/04 18:24:08.000409692 length=538 from=621 to=1158
POST /Users/authenticatebyname HTTP/1.1\r
Host: localhost:8097\r
User-Agent: jfa-go-test/git\r
Content-Length: 38\r
Accept: application/json\r
Accept-Charset: UTF-8,*\r
Accept-Encoding: gzip\r
Authorization: MediaBrowser Client="jfa-go-test", Device="jfa-go", DeviceId="jfa-go-git-c7995cd", Version="git"\r
Content-Type: application/json; charset=UTF-8\r
X-Application: jfa-go-test/git\r
X-Emby-Authorization: MediaBrowser Client="jfa-go-test", Device="jfa-go", DeviceId="jfa-go-git-c7995cd", Version="git"\r
\r
{"Password":"","Pw":"","Username":""} <<<--- NOPE, THERE'S NO PASSWORD HERE, I DIDN'T REMOVED IT
< 2024/09/04 18:24:08.000415658 length=200 from=1778 to=1977
HTTP/1.1 400 Bad Request\r
Content-Type: text/plain\r
Date: Wed, 04 Sep 2024 18:24:07 GMT\r
Server: Kestrel\r
Transfer-Encoding: chunked\r
X-Response-Time-ms: 3.2311\r
\r
19\r
Error processing request.\r
0\r
\r
``
Is there another POST /Users/authenticatebyname earlier, which (hopefully) uses the "technical" account? if so, could you post its content?
Also, the fact that those values are blank might mean the account isn't being read from your config for some odd reason. Make sure there's not duplicate entries for the [jellyfin] -> username/password settings, and once again there'll be a new build up in the next 10 minutes or so for you to try which will complain if the username and password are blank.
Also, I'd completely forgot there's a little test built into jfa-go, if you can get the program outside kubernetes/docker and run ./jfa-go test, it'll print out some potentially useful information, and try to get a list of users.
Finally, if you don't mind, i'd prefer doing this through Github, I don't have discord installed on my computer and keep notifications turned off for it on my phone.
Unfortunately I don't see any new images on dockerhub, and no new commits on master branch.
I run the test with the 3 hours ago released image:
./jfa-go test -c /data/config.ini
jfa-go version: git (c7995cd)
Socket Path: "/tmp/jfa-go.sock"
2024/09/04 19:28:57 Using external storage
[ERROR] 19:28:57 config.go:70: No "External jfa-go URL" provided, set one in Settings > General. Your login won't save until you do.
[INFO] 19:28:58 Loaded config file "/data/config.ini"
[DEBUG] 19:28:58 main.go:379: Starting Jellyseerr client
badger 2024/09/04 19:28:58 INFO: All 0 tables opened in 0s
badger 2024/09/04 19:28:58 INFO: Discard stats nextEmptySlot: 0
badger 2024/09/04 19:28:58 INFO: Set nextTxnTs to 0
[INFO] 19:28:58 Connected to DB "/root/.config/jfa-go/db"
[INFO] 19:28:58 Using Jellyfin server type
[INFO] 19:28:58 Authenticated with Jellyfin @ "http://jellyfin:8096"
The duplicate URL Base settings in "Invite emails" and "Password Resets" have been merged into General > External jfa-go URL. A backup config has been made.
[INFO] 19:28:58 Migrating to Badger(hold)
[INFO] 19:28:58 All data migrated to database. JSON files in the config folder can be deleted if you are sure all data is correct in the app. Create an issue if you have problems.
[DEBUG] 19:28:58 main.go:463: Using Jellyfin for authentication
----
authenticated? : false
access token :
username :
server : http://jellyfin:8096
server version : 10.9.10
server name : Blintflix
GetUsers: err 0 Unauthorized, check credentials. maplength 0
View output? [y/n]: n
Enter a user to grab: blint
UserByName (blint): code {{%!d(bool=false) 0 %!d(string=)}} err %!s(MISSING)
this is my whole config.ini, copied from the running instance:
cat /data/config.ini
first_run = false
[updates]
enabled = true
channel = stable
login_appearance = opaque
jfa_url = https://test-accounts.example.com
[jellyfin]
username = technical
password = XXXX-XXXX-XXXX
server = http://jellyfin:8096
public_server = https://example.com
client = jfa-go-test
cache_timeout = 30
type = jellyfin
substitute_jellyfin_strings = Jellyfin
[ui]
language-form = hu-hu
language-admin = en-us
theme = Jellyfin (Dark)
host = 0.0.0.0
port = 8056
jellyfin_login = true
admin_only = true
allow_all = false
debug = true
contact_message = Need help? contact me.
help_message = Enter your details to create an account.
success_message = Your account has been created. Click below to continue to Jellyfin.
redirect_url =
auto_redirect = false
jfa_url = https://test-accounts.example.com
[advanced]
[activity_log]
keep_n_records = 1000
delete_after_days = 90
[user_page]
enabled = true
show_link = true
referrals = true
allow_pwr_username = true
allow_pwr_email = true
allow_pwr_contact_method = true
[password_validation]
enabled = true
min_length = 12
upper = 1
lower = 1
number = 1
special = 0
[messages]
enabled = true
use_24h = true
date_format = %d/%m/%y
message = Need help? contact me.
[email]
language = hu-hu
no_username = false
method = smtp
address = [email protected]
plaintext = false
collect = true
required = true
require_unique = false
[smtp]
username = XXXX-XXXX-XXXX
encryption = starttls
server = smtp.azurecomm.net
port = 587
password = XXXX-XXXX-XXXX
hello_hostname = localhost
ssl_cert =
cert_validation = true
auth_type = 4
[discord]
enabled = false
show_on_reg = true
required = false
require_unique = false
token =
start_command = start
channel =
provide_invite = false
invite_channel =
apply_role =
disable_enable_role = false
language = en-us
[telegram]
enabled = true
show_on_reg = true
required = false
require_unique = false
token = XXXX-XXXX-XXXX
language = hu-hu
[matrix]
enabled = false
show_on_reg = true
required = false
require_unique = false
homeserver =
token =
user_id =
topic = Jellyfin notifications
language = en-us
encryption = true
[password_resets]
enabled = true
watch_directory = /jf
link_reset = true
set_password = true
url_base = https://test-accounts.example.com
language = hu-hu
email_html =
email_text =
subject =
[invite_emails]
enabled = true
email_html =
email_text =
subject =
url_base = https://test-accounts.example.com
[template_email]
email_html =
email_text =
[notifications]
enabled = true
expiry_html =
expiry_text =
created_html =
created_text =
[jellyseerr]
enabled = true
server = https://jellyseerr.example.com
api_key = XXXX-XXXX-XXXX
import_existing = true
[backups]
enabled = false
path =
every_n_minutes = 1440
keep_n_backups = 20
[welcome_email]
enabled = true
subject =
email_html =
email_text =
[email_confirmation]
enabled = true
subject =
email_html =
email_text =
[user_expiry]
behaviour = disable_user
delete_expired_after_days = 0
send_email = true
subject =
email_html =
email_text =
adjustment_subject =
adjustment_email_html =
adjustment_email_text =
[disable_enable]
subject_disabled =
subject_enabled =
disabled_html =
disabled_text =
enabled_html =
enabled_text =
[deletion]
subject =
email_html =
email_text =
[webhooks]
created =
[files]
invites =
password_resets =
emails =
users =
ombi_template =
user_profiles =
html_templates =
lang_files =
custom_emails =
custom_user_page_content =
telegram_users =
matrix_users =
matrix_sql =
discord_users =
And lastly a socat login with the technical user:
> 2024/09/04 19:39:11.000741919 length=631 from=0 to=630
POST /Users/authenticatebyname HTTP/1.1\r
Host: localhost:8097\r
User-Agent: jfa-go/git\r
Content-Length: 99\r
Accept: application/json\r
Accept-Charset: UTF-8,*\r
Accept-Encoding: gzip\r
Authorization: MediaBrowser Client="jfa-go", Device="auth", DeviceId="auth", Version="git", Token="XXXX-XXXX-XXXX"\r
Content-Type: application/json; charset=UTF-8\r
X-Application: jfa-go/git\r
X-Emby-Authorization: MediaBrowser Client="jfa-go", Device="auth", DeviceId="auth", Version="git", Token="XXXX-XXXX-XXXX"\r
\r
{"Password":"XXXX-XXXX-XXXX","Pw":"XXXX-XXXX-XXXX","Username":"technical"}
< 2024/09/04 19:39:12.000577764 length=240 from=0 to=239
HTTP/1.1 200 OK\r
Content-Type: application/json; charset=utf-8\r
Date: Wed, 04 Sep 2024 19:39:11 GMT\r
Server: Kestrel\r
Content-Encoding: gzip\r
Transfer-Encoding: chunked\r
Vary: Accept-Encoding\r
X-Response-Time-ms: 830.1743\r
\r
a\r
..\b.......\r
< 2024/09/04 19:39:12.000579160 length=1291 from=240 to=1530
4f0\r
.VKS.8../>.);.... ....dI..n.A....ErY2.....z......r..V.._....w\rMr.....$........|J..<@S2...t\\Q..E..lD....RJ'..b<......x2..H.q.......t\\d.hKI.P.\v.+...j..iZp......\r...^.}|U...x.R...yk.R..L..|I.q.\vbll.t.....4.d....<...Q:)..._V{N\r....K....p..>'+A..P.V.y...4.......p#`I..%;X5PA..Z...\v.k.....rwYs...S,.5...])..A...a}..k.D#..W[\v%.`DJ.;..'[>_K.U~..o\r.\af..+KL.6....|..u^......8.\v.p.6..J.o......[h\\j..={{..z.....'..c+n..&.X.[..#j..tr1*...S.R.ST}NJ=g\a..6\r1
..AXj...V....^sxM$.....5..?:_..N.......[.b...g..=.\r.....P.].w...+~....\v.m...{`[email protected]..[. "...8.......;.d.%.<t....?.....-...I...Q<.N..*...w....0b\r.P+..L.O..W.....V-....K.M.B..q...g.W.:.:...m.G).y...(i..n.]...b_;>..........DiOw.'R.x..*.....P.!N.y..| .3..s.\b..B...Rd^[email protected]_[hv.............b....c.>sc.d.......G9ND[.U...Q~&~.!....?'\a..............Gv..#........h..[.Xx..J.\r`.s..*..T..\v.c.m)+.g.....X....Q.*_..ou..J}."...n..W.\\..7J.\r74..3.......6.D....Y..l....e~.Z.t.....p...U.>,..@$\v.\rb...R...x..-.m.....W..D..Q'......!.Q.&:X.X<..%[a..II.... .\f.4d..(.....d:.UjZM.j4..#+*f).1.k.....eu?X........9.)4.K\v.p....4...).t.\az_..L.4...o....7@....<...\b..I."
.y]c_.N......)q...\r....5.M... .7......{\v-b.B......33q}]...C7.....0\a..!k........H..fc.'3Ve..N...dR.......8..x. ...=........\r
a\r
....'..\v..\r
0\r
\r
> 2024/09/04 19:39:13.000926426 length=538 from=631 to=1168
POST /Users/authenticatebyname HTTP/1.1\r
Host: localhost:8097\r
User-Agent: jfa-go-test/git\r
Content-Length: 38\r
Accept: application/json\r
Accept-Charset: UTF-8,*\r
Accept-Encoding: gzip\r
Authorization: MediaBrowser Client="jfa-go-test", Device="jfa-go", DeviceId="jfa-go-git-c7995cd", Version="git"\r
Content-Type: application/json; charset=UTF-8\r
X-Application: jfa-go-test/git\r
X-Emby-Authorization: MediaBrowser Client="jfa-go-test", Device="jfa-go", DeviceId="jfa-go-git-c7995cd", Version="git"\r
\r
{"Password":"","Pw":"","Username":""}
< 2024/09/04 19:39:13.000935255 length=200 from=1531 to=1730
HTTP/1.1 400 Bad Request\r
Content-Type: text/plain\r
Date: Wed, 04 Sep 2024 19:39:13 GMT\r
Server: Kestrel\r
Transfer-Encoding: chunked\r
X-Response-Time-ms: 5.3432\r
\r
19\r
Error processing request.\r
0\r
\r
You're right, I forgot to push, sorry. I finally got it though, it was down to a misunderstanding of the .ini library I use. The [advanced]/auth_retry_count is an integer that specifies how many times to try the initial auth with Jellyfin, and when reading a key from the config, MustInt(6) was used, me thinking that the value would default to 6 if the setting wasn't set. Instead, the value is only 6 if the config value isn't an integer, so not having the setting in your config caused it to be 0, a.k.a don't authenticate with Jellyfin on start. Fixed in the above commit, thank you so much for your patience.