How to login and get the API token with username and password?

Hey there :wave:

I’m currently working on a frontend project which will feature user logins which will be required to use the application. So far so easy.

I want to use Cockpit’s (v2) user authentication and role management in order to avoid having to code my own login API.
So I’ve just opened my Dev Tools, logged into my Cockpit Backend, and saw that there’s a request going to /auth/check which has a request body like this:

    "auth": {
        "user": "USERNAME",
        "password": "PASSWORD"
    "csrf": "TOKEN"

Now I’m wondering where I’m supposed to get the value for the CSRF token from.
As far as I can see, there’s no endpoint which I could use to get a token from Cockpit.

CSRF tokens are meant to identify client sessions and are therefore unique for every session, don’t they?

My question might be stupid - I know. I’m sorry if that’s the case. But I’m not really deep into CSRF and PHP, so this is new to me.

Thanks for everyone who’s helping me here :pray:

Have a great day :slightly_smiling_face:

Just wanted to bring this back up hoping that anyone has an idea :slight_smile:

I can see that the Token gets generated within the Csrf Helper at /modules/App/Helper/Csrf.php and used in the Vue login() method in /modules/App/views/auth/login.php

Did you found a solution to your problem?