Missing or malformed JWT error on api url. Cannot log in, wrong username or password warning

Upon doing curl -X 'GET' 'http://localhost:6969/api/v1' I get {"message":"missing or malformed jwt"}

In my desktop frontend for Fedora (the RPM) it keeps saying ‘Wrong username or password’ when trying to login, additionally. I have changed the user password successfully and can list user and see myself there in the CLI using vikunja user list.

Upon doing curl -X 'GET' 'http://localhost:6969/api/v1/info I get the following response :
{"version":"v0.20.4","frontend_url":"","motd":"","link_sharing_enabled":true,"max_file_size":"200MB","registration_enabled":true,"available_migrators":["vikunja-file","ticktick"],"task_attachments_enabled":true,"enabled_background_providers":["upload"],"totp_enabled":true,"legal":{"imprint_url":"","privacy_policy_url":""},"caldav_enabled":true,"auth":{"local":{"enabled":true},"openid_connect":{"enabled":false,"redirect_url":"\u003cfrontend url\u003e","providers":null}},"email_reminders_enabled":false,"user_deletion_enabled":true,"task_comments_enabled":true}

I am totally unsure what could be wrong here.

I don’t remember how I installed the api but since there is an RPM file of version 0.20.4 in my downloads folder I can assume its only that.

Additionally, vikunja had been working for me for over 10 days. I had a few issues where I needed to restart the service after restarting my computer a few times but nothing wrong apart from that. Today, I restarted my computer while the vikunja frontend and api were both running and restarted them abruptly and all of a sudden, the whole thing stops working.

In my vikunja config file, I have deleted the JWT secret, replacing the value with nothing just "" as I found in looking around that it regenerates it if not found, yet, this also does not seem to do anything.

Another thing that may be of interest, when I try curl with https on the api url it gives me this:
Command: curl -X 'GET' 'https://localhost:6969/'
curl: (35) error:0A00010B:SSL routines::wrong version number

I am totally stuck. I really like the software and it has incredibly improved my productivity and time management, but I don’t know why the sudden issue.

EDIT : The same error on the AppImage frontend exists as well as my desktop frontend RPM. Since the curl response is unusual, I don’t think the issue lies with the frontends.

EDIT 2: For some very odd reason that I am quite unsure of, doing sudo vikunja in the terminal and then using the frontend instantly logged me in and restored everything where it was. I am quite unsure why this happened and why do I even need sudo to launch it. I am, however, happy that my work is not gone.

EDIT 3: It has become clearer to me why doing sudo vikunja worked. When I did that it loaded the config file in /home/user/config.yml (i was not aware this existed), I am not sure how it knew to look here, but it did nevertheless. In this file, there is a JWTSecret that is written. Now, when I copied over this token to the file that it is pulling when I am not typing sudo (file is /home/user/.config/vikunja/config.yml ) even then, it does not log in and gives me the same exact error as before. Must be noted that until this issue, I did not have to launch vikunja as sudo.

EDIT 4: Working without sudo now. Changed the interface to something other than :6969 (:3457) in my ~/.config/vikunja/config.yml file and it is back to normal. Though, it did give me the error that it was missing or malformed JWT when I removed the JWTSecret again and curl -X 'GET' 'http://localhost:3457/api/v1/ still says {"message":"missing or malformed jwt"}. I am just not sure why hitting darts blindfolded like this worked. I would ideally like to avoid this happening in the future.

Can you check in the dev tools network tab if the request goes through to the api and it returns an error message?

What’s in the logs?

There’s a few places where it looks for a config file: Config options | Vikunja

The jwt token should be irrelevant for the login. It’s only used to sign the token.

Well you get that response because there’s no jwt token in the request. Check out the api docs to learn how to provide one: Vikunja API documentation

I am hosting it locally, I installed the API via an RPM, the page you linked does not seem to mention how to generate a new one. I am not using OpenID authentication or any other, just local.

That’s the thing, there are no logs that I could find. I have enabled debug logging in the config file and that outputs the logs to my terminal. In the config file, the logs location is /opt/vikunja/logs but there is no such thing when I navigate to that folder.


I’m a little confused, did you configure the logs to use a file or output to stdout?