Root user Auth Failure Snapd api

nsnyder · November 7, 2023, 4:40pm

I am building a snap to access the snapd rest api interface. I want to be able to run my snap as root so that I can by pass the snap store/macroon authentication. Below is the command I am running with its output:

sudo {snap-name} /v2/snapctl post "{\"context-id\":\"ABCDEF\
",\"args\":[\"get\",\"value\"]}"

------------REQUEST--------------
POST /v2/snapctl HTTP/1.1
Host: localhost
Content-Length: 73
Content-Type: application/json

{"context-id":"ABCDEF","args":["get","value"]}

---------------Response------------------
HTTP/1.1 403 Forbidden
date: tue, 07 nov 2023 16:32:52 gmt
content-length: 116
content-type: application/json
{"type":"error","status-code":403,"status":"Forbidden","result":{"message":"access denied","kind":"login-required"}}

From the documentation below it looks like I should be able to just run this as a root user (without signing into the snap store):

https://snapcraft.io/docs/using-the-api#heading–authentication

Do I have to be logged into the snap store for this to work? Or am I doing something wrong?

nsnyder · November 7, 2023, 7:40pm

I also tried the login endpoint with my ubuntu one credentials and got the same errror:

 sudo {snap-name}  /v2/login post "{\"email\":\"{EMAIL}\",\"password\":\"{PASSWORD}\"}"

------------REQUEST--------------
POST /v2/login HTTP/1.1
Host: localhost
Content-Length: 70
Content-Type: application/json

{"email":"{EMAIL}","password":"{PASSWORD}"}

---------------Response------------------
HTTP/1.1 401 Unauthorized
date: tue, 07 nov 2023 19:34:59 gmt
content-length: 125
content-type: application/json

{"type":"error","status-code":401,"status":"Unauthorized","result":{"message":"invalid credentials","kind":"login-required"}}

nsnyder · November 8, 2023, 4:23pm

It seems to be something going on with my program (written in java). I was using netty unix library to connect to snapd rest api, but after switching to a ProcessBuilder and running curl commands every thing works perfectly.

So there might be something I am missing with the netty library or maybe it is something the netty library is doing.

either way it works now