I am the proud owner of a self-hosted Vikunja environment. I am using Unraid and the provided package from there. It works perfectly for 99% of my cases but I just came across one issue:
When I add an attachment to a task and copy it’s link to my clipboard, the link guides me to a site which shows this error:
{“message”:“missing, malformed, expired or otherwise invalid token provided”}
When I open up the link from within the task it works as expected.
As a sidenote: I am using Vikunja behind a reverse proxy (NPM) and when playing around with the API to connect Vikunja to Obsidian I learned that I had to set “CORS Enabled” to “true” in order to make it work. Before I had a similar error. This might have nothing to do with each other as I would expect that for the above issue I wouldn’t even need to set an API token.
Attachments are always private and require authentication via JWT - given how this works, it’s not possible to just open a link in the browser.
You can, however, use the copied link from the attachment in an image withing Vikunja.
Thanks a lot for the swift reply. I still struggle to understand it. Wouldn’t it then make sense that Vikunja would ask me to login? If there’s a reason why it doesn’t make sense what do I need to do to change this error into a correct behavior. I guess I then need to configire JWT. Can I do this with the docker and the arguments while the docker starts? It seems the docker-version has no config file instead everything is managed with arguments, that’s why I am asking.
Thanks again and BTW: Your tool greatly helps me to organized my crazy ADHS mind
The api token needs to be passed as bearer token, as defined here. That’s related to authentication but different from the login. The frontend does this automatically, but it’s not something you can configure. It’s meant to be used directly by other programs, like the frontend.
