Has anyone seen a situation where the CLI context ...
# fleet
Has anyone seen a situation where the CLI context (API token) seems to stop working? We have it configured in
and when running
commands it should allow auth with that token, and it works for a bit, then stops working again:
Copy code
$ fleetctl get labels --yaml
could not list labels: get labels received status 401 Authentication required: Authentication required
Seems that maybe the token is expired if I log out of the web interface. Is there a way to generate one that persists? Explanation is there's an 'admin' user which has the token, but end-users are logging in with their own users. So I logged in as 'admin', generated the token, tested it (it worked) then I logged out, so I could log back in as myself.
Upgrade Fleet to 4.x would invalidate your API token. The upgrade section talks about major changes that you might want to be aware of: https://github.com/fleetdm/fleet/releases/tag/v4.0.0 This won't happen on future updates. Let us know if you haven't recently upgraded or are still having trouble so we could figure this out!
Hi @Rachel Perkins yeah I regenerated the token from 4.x, but the same issue seems to happen, when I log out, the token seems to get invalidated.
This time I regenerated it, then rather than logging out, I went back to
and logged in as my main user, this time the token seems to remain valid. Is it possible the logout call is invalidating the session and API tokens?
Ack! Yes, logging out does invalidate the token. Try using SSO if you haven't already or another work around is using 
fleetctl login
 and that will generate a separate session than the UIs-- let me know if it works!
Ah right, well for now I did my little "cheat" above, but since we're pushing these configs out via configuration management, it's a bit of a pain if there's no way to generate a more "permanent" token.
You can config the expiration but unfortunately not the invalidation on logout. Take a look at the fleet server configure docs
ok thanks!