From 26b96920a8a28f7609c28f547dc58be1b8be3742 Mon Sep 17 00:00:00 2001
From: Meggielqk <126552073+Meggielqk@users.noreply.github.com>
Date: Mon, 30 Jun 2025 14:37:56 +0800
Subject: [PATCH 1/5] feat(dashboard): Dashboard support token-based login
---
en_US/dashboard/introduction.md | 50 ++++++++++++++++++++++++++++++++-
zh_CN/dashboard/introduction.md | 50 +++++++++++++++++++++++++++++++++
2 files changed, 99 insertions(+), 1 deletion(-)
diff --git a/en_US/dashboard/introduction.md b/en_US/dashboard/introduction.md
index 5a79cbd1c..0b1abe21f 100644
--- a/en_US/dashboard/introduction.md
+++ b/en_US/dashboard/introduction.md
@@ -32,7 +32,7 @@ Support for custom plug-in integration, Extend EMQX connectivity protocols throu
In addition to debugging through online MQTT over WebSocket client connections and publishing subscriptions, we also support diagnosing and finding issues using things like slow subscriptions and online logs tracing and alarms.
-## Running
+## Launch Dashboard
EMQX Dashboard is a web application that listens to port `18083` by default. After installing EMQX successfully, you can access and use EMQX Dashboard by opening (replace localhost with the actual IP address if deployed on a non-local machine) through your browser.
@@ -46,6 +46,54 @@ For users who have installed EMQX for the first time, you can use the default us
After logging in for the first time, the system will automatically detect that you are logging in with the default username and password, and will force you to change the default password, which is good for the security of accessing Dashboard, note that the changed password cannot be the same as the original password, and it is not recommended to use `public` as the login password again.
+### Token-Based Login via URL
+
+Starting from EMQX 5.6.0, the Dashboard supports a token-based login method that allows users to log in directly by embedding authentication information in the URL.
+
+This feature is particularly useful for seamless redirection and integration scenarios where a user should be logged in automatically without entering credentials manually.
+
+#### How To Use This Login Method
+
+1. Call the `/login` API to obtain the login token and related information.
+
+2. Manually add the username used during login (not included in the `/login` response).
+
+3. Combine the data into a JSON structure:
+
+ ```json
+ {
+ "license": {
+ "edition": "ee"
+ },
+ "role": "administrator",
+ "token": "xxx.jwt.token",
+ "version": "5.5.0-g0fef19f8",
+ "username": "admin"
+ }
+ ```
+
+4. Convert the JSON string to Base64.
+
+5. Embed the encoded string in the `login_meta` query parameter of the Dashboard URL.
+
+#### Example URL
+
+For versions **before 5.6.0**:
+
+```bash
+http://localhost:18083?login_meta=BASE64_ENCODED_STRING
+```
+
+Redirects to the default cluster overview page.
+
+For **version 5.6.0 and later**, you can also specify a target page:
+
+```bash
+http://localhost:18083/#/dashboard/overview?login_meta=BASE64_ENCODED_STRING
+```
+
+This method provides a smooth, pre-authenticated user experience for accessing the EMQX Dashboard. Make sure to handle the token securely and ensure it has appropriate expiration and scope limits.
+
## Reset password
You can reset your Dashboard login password via the `admins` command. For details, see [CLI - admins](../admin/cli.md#admins).
diff --git a/zh_CN/dashboard/introduction.md b/zh_CN/dashboard/introduction.md
index 87211b117..2dd00bbce 100644
--- a/zh_CN/dashboard/introduction.md
+++ b/zh_CN/dashboard/introduction.md
@@ -46,6 +46,56 @@ EMQX Dashboard 是一个 Web 应用程序,默认监听 `18083` 端口。下载
首次登录后,系统会自动检测到您正在使用默认用户名和密码登录,并会强制要求修改默认密码,这有利于访问 Dashboard 的安全性提升,注意修改的密码不能与原密码相同,且不建议再次使用 `public` 做为登录密码。
+### 通过 URL Token 登录 Dashboard
+
+从 EMQX 5.6.0 开始,Dashboard 支持通过在 URL 中携带登录信息的方式进行免登录访问。
+
+此功能适用于需要无缝跳转或集成场景,可在无需用户手动输入凭据的情况下,自动登录 Dashboard。
+
+#### 使用方法
+
+使用此登录方式的步骤如下:
+
+1. 调用 `/login` 接口,获取登录返回的 token 及相关信息。
+
+2. 手动添加登录时使用的用户名(该字段不包含在接口返回中)。
+
+3. 将数据整理成如下 JSON 结构:
+
+ ```json
+ {
+ "license": {
+ "edition": "ee"
+ },
+ "role": "administrator",
+ "token": "xxx.jwt.token",
+ "version": "5.5.0-g0fef19f8",
+ "username": "admin"
+ }
+ ```
+
+4. 将 JSON 字符串进行 Base64 编码。
+
+5. 将编码后的字符串通过 `login_meta` 参数附加到 Dashboard 的访问 URL 中。
+
+#### 示例 URL
+
+**5.6.0 以下版本**:
+
+```bash
+http://localhost:18083?login_meta=BASE64_ENCODED_STRING
+```
+
+将默认跳转至集群总览页面。
+
+**5.6.0 及以上版本**,可指定跳转页面:
+
+```bash
+http://localhost:18083/#/dashboard/overview?login_meta=BASE64_ENCODED_STRING
+```
+
+通过该方式,可以为用户提供无需手动登录的便捷访问体验。请确保妥善管理 token 的安全性,建议设置合理的过期时间和访问权限范围。
+
## 忘记密码
如果您忘记了 Dashboard 登录密码,可以通过 CLI 的 `admins` 命令进行重置,详情请参考 [命令行 - admins](../admin/cli.md#admins):
From 55726011bd425f77f4c98a32975803f8ad02d749 Mon Sep 17 00:00:00 2001
From: Meggielqk <126552073+Meggielqk@users.noreply.github.com>
Date: Wed, 2 Jul 2025 16:49:19 +0800
Subject: [PATCH 2/5] Update according to comments
---
en_US/dashboard/introduction.md | 23 ++++++++++++++++++-----
zh_CN/dashboard/introduction.md | 21 +++++++++++++++++----
2 files changed, 35 insertions(+), 9 deletions(-)
diff --git a/en_US/dashboard/introduction.md b/en_US/dashboard/introduction.md
index 0b1abe21f..a9fab272e 100644
--- a/en_US/dashboard/introduction.md
+++ b/en_US/dashboard/introduction.md
@@ -56,9 +56,15 @@ This feature is particularly useful for seamless redirection and integration sce
1. Call the `/login` API to obtain the login token and related information.
-2. Manually add the username used during login (not included in the `/login` response).
+ ```
+ curl -X POST "http://127.0.0.1:18083/api/v5/login" \
+ -H 'accept: application/json' \
+ -H 'Content-Type: application/json' \
+ -d '{"username": "admin","password": "public"}'
+ {"license":{"edition":"ee"},"role":"administrator","token":"xxx.yyy.zzz","version":"5.6.1"}
+ ```
-3. Combine the data into a JSON structure:
+2. Combine the data into a JSON structure. Manually add the username used during login (not included in the `/login` response).
```json
{
@@ -67,14 +73,21 @@ This feature is particularly useful for seamless redirection and integration sce
},
"role": "administrator",
"token": "xxx.jwt.token",
- "version": "5.5.0-g0fef19f8",
+ "version": "5.6.1-g0fef19f8",
"username": "admin"
}
```
-4. Convert the JSON string to Base64.
+3. Convert the JSON string to Base64.
+
+ ```
+ curl -s -X POST "http://127.0.0.1:18083/api/v5/login" \
+ -H 'accept: application/json' \
+ -H 'Content-Type: application/json' \
+ -d '{"username": "admin","password": "public"}' | jq '.username = "admin"' | base64
+ ```
-5. Embed the encoded string in the `login_meta` query parameter of the Dashboard URL.
+4. Embed the encoded string in the `login_meta` query parameter of the Dashboard URL.
#### Example URL
diff --git a/zh_CN/dashboard/introduction.md b/zh_CN/dashboard/introduction.md
index 2dd00bbce..4c35d9686 100644
--- a/zh_CN/dashboard/introduction.md
+++ b/zh_CN/dashboard/introduction.md
@@ -58,9 +58,15 @@ EMQX Dashboard 是一个 Web 应用程序,默认监听 `18083` 端口。下载
1. 调用 `/login` 接口,获取登录返回的 token 及相关信息。
-2. 手动添加登录时使用的用户名(该字段不包含在接口返回中)。
+ ```
+ curl -X POST "http://127.0.0.1:18083/api/v5/login" \
+ -H 'accept: application/json' \
+ -H 'Content-Type: application/json' \
+ -d '{"username": "admin","password": "public"}'
+ {"license":{"edition":"ee"},"role":"administrator","token":"xxx.yyy.zzz","version":"5.6.1"}
+ ```
-3. 将数据整理成如下 JSON 结构:
+2. 将数据整理成如下 JSON 结构,手动添加登录时使用的用户名(该字段不包含在接口返回中)。
```json
{
@@ -74,9 +80,16 @@ EMQX Dashboard 是一个 Web 应用程序,默认监听 `18083` 端口。下载
}
```
-4. 将 JSON 字符串进行 Base64 编码。
+3. 将 JSON 字符串进行 Base64 编码。
+
+ ```
+ curl -s -X POST "http://127.0.0.1:18083/api/v5/login" \
+ -H 'accept: application/json' \
+ -H 'Content-Type: application/json' \
+ -d '{"username": "admin","password": "public"}' | jq '.username = "admin"' | base64
+ ```
-5. 将编码后的字符串通过 `login_meta` 参数附加到 Dashboard 的访问 URL 中。
+4. 将编码后的字符串通过 `login_meta` 参数附加到 Dashboard 的访问 URL 中。
#### 示例 URL
From 8762b225ef2c4c2fe1ee075ef6b414b58b836c08 Mon Sep 17 00:00:00 2001
From: Meggielqk <126552073+Meggielqk@users.noreply.github.com>
Date: Wed, 2 Jul 2025 16:59:14 +0800
Subject: [PATCH 3/5] Update en_US/dashboard/introduction.md
Co-authored-by: Ivan Dyachkov
---
en_US/dashboard/introduction.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/en_US/dashboard/introduction.md b/en_US/dashboard/introduction.md
index a9fab272e..bc83e358e 100644
--- a/en_US/dashboard/introduction.md
+++ b/en_US/dashboard/introduction.md
@@ -78,7 +78,7 @@ This feature is particularly useful for seamless redirection and integration sce
}
```
-3. Convert the JSON string to Base64.
+3. Convert the JSON string to Base64. Below is an example on how to get base64-encoded authentication string in one call:
```
curl -s -X POST "http://127.0.0.1:18083/api/v5/login" \
From 1310d978c50c849b54fb58d72cda044d8f2e1acd Mon Sep 17 00:00:00 2001
From: Meggielqk <126552073+Meggielqk@users.noreply.github.com>
Date: Wed, 2 Jul 2025 17:29:52 +0800
Subject: [PATCH 4/5] Combine the steps
---
en_US/dashboard/introduction.md | 48 +++++++++----------------------
zh_CN/dashboard/introduction.md | 50 +++++++++------------------------
2 files changed, 27 insertions(+), 71 deletions(-)
diff --git a/en_US/dashboard/introduction.md b/en_US/dashboard/introduction.md
index bc83e358e..85219bfbf 100644
--- a/en_US/dashboard/introduction.md
+++ b/en_US/dashboard/introduction.md
@@ -54,31 +54,9 @@ This feature is particularly useful for seamless redirection and integration sce
#### How To Use This Login Method
-1. Call the `/login` API to obtain the login token and related information.
+1. Use the `/login` endpoint to obtain an authentication token. Since the response does not include the username, you will need to manually add it before encoding the full JSON payload.
- ```
- curl -X POST "http://127.0.0.1:18083/api/v5/login" \
- -H 'accept: application/json' \
- -H 'Content-Type: application/json' \
- -d '{"username": "admin","password": "public"}'
- {"license":{"edition":"ee"},"role":"administrator","token":"xxx.yyy.zzz","version":"5.6.1"}
- ```
-
-2. Combine the data into a JSON structure. Manually add the username used during login (not included in the `/login` response).
-
- ```json
- {
- "license": {
- "edition": "ee"
- },
- "role": "administrator",
- "token": "xxx.jwt.token",
- "version": "5.6.1-g0fef19f8",
- "username": "admin"
- }
- ```
-
-3. Convert the JSON string to Base64. Below is an example on how to get base64-encoded authentication string in one call:
+ You can perform all steps, including requesting the token, injecting the username, and encoding the result in Base64, in a single command, as shown below:
```
curl -s -X POST "http://127.0.0.1:18083/api/v5/login" \
@@ -87,23 +65,23 @@ This feature is particularly useful for seamless redirection and integration sce
-d '{"username": "admin","password": "public"}' | jq '.username = "admin"' | base64
```
-4. Embed the encoded string in the `login_meta` query parameter of the Dashboard URL.
+2. Construct the login URL. Embed the encoded string in the `login_meta` query parameter of the Dashboard URL. For example:
-#### Example URL
+ For EMQX versions **before 5.6.0**:
-For versions **before 5.6.0**:
+ ```bash
+ http://localhost:18083?login_meta=BASE64_ENCODED_STRING
+ ```
-```bash
-http://localhost:18083?login_meta=BASE64_ENCODED_STRING
-```
+ This redirects to the default cluster overview page.
-Redirects to the default cluster overview page.
+ For EMQX **version 5.6.0 and later**:
-For **version 5.6.0 and later**, you can also specify a target page:
+ ```bash
+ http://localhost:18083/#/dashboard/overview?login_meta=BASE64_ENCODED_STRING
+ ```
-```bash
-http://localhost:18083/#/dashboard/overview?login_meta=BASE64_ENCODED_STRING
-```
+ This allows specifying the target page after login.
This method provides a smooth, pre-authenticated user experience for accessing the EMQX Dashboard. Make sure to handle the token securely and ensure it has appropriate expiration and scope limits.
diff --git a/zh_CN/dashboard/introduction.md b/zh_CN/dashboard/introduction.md
index 4c35d9686..65787a4c2 100644
--- a/zh_CN/dashboard/introduction.md
+++ b/zh_CN/dashboard/introduction.md
@@ -56,31 +56,9 @@ EMQX Dashboard 是一个 Web 应用程序,默认监听 `18083` 端口。下载
使用此登录方式的步骤如下:
-1. 调用 `/login` 接口,获取登录返回的 token 及相关信息。
+1. 使用 `/login` 接口获取身份验证 token。由于返回结果中不包含用户名,你需要手动将用户名添加到 JSON 数据中,再进行编码。
- ```
- curl -X POST "http://127.0.0.1:18083/api/v5/login" \
- -H 'accept: application/json' \
- -H 'Content-Type: application/json' \
- -d '{"username": "admin","password": "public"}'
- {"license":{"edition":"ee"},"role":"administrator","token":"xxx.yyy.zzz","version":"5.6.1"}
- ```
-
-2. 将数据整理成如下 JSON 结构,手动添加登录时使用的用户名(该字段不包含在接口返回中)。
-
- ```json
- {
- "license": {
- "edition": "ee"
- },
- "role": "administrator",
- "token": "xxx.jwt.token",
- "version": "5.5.0-g0fef19f8",
- "username": "admin"
- }
- ```
-
-3. 将 JSON 字符串进行 Base64 编码。
+ 你可以通过以下命令一步完成所有操作,包括请求 token、添加用户名,以及将结果进行 Base64 编码:
```
curl -s -X POST "http://127.0.0.1:18083/api/v5/login" \
@@ -89,25 +67,25 @@ EMQX Dashboard 是一个 Web 应用程序,默认监听 `18083` 端口。下载
-d '{"username": "admin","password": "public"}' | jq '.username = "admin"' | base64
```
-4. 将编码后的字符串通过 `login_meta` 参数附加到 Dashboard 的访问 URL 中。
+2. 构造登录 URL。将编码后的字符串嵌入到 Dashboard URL 的 `login_meta` 查询参数中。例如:
-#### 示例 URL
+ 对于 **EMQX 5.6.0 之前的版本**:
-**5.6.0 以下版本**:
+ ```bash
+ http://localhost:18083?login_meta=BASE64_ENCODED_STRING
+ ```
-```bash
-http://localhost:18083?login_meta=BASE64_ENCODED_STRING
-```
+ 该方式会跳转至默认的集群概览页面。
-将默认跳转至集群总览页面。
+ 对于 **EMQX 5.6.0 及以上版本**:
-**5.6.0 及以上版本**,可指定跳转页面:
+ ```bash
+ http://localhost:18083/#/dashboard/overview?login_meta=BASE64_ENCODED_STRING
+ ```
-```bash
-http://localhost:18083/#/dashboard/overview?login_meta=BASE64_ENCODED_STRING
-```
+ 该方式支持在登录后跳转到指定页面。
-通过该方式,可以为用户提供无需手动登录的便捷访问体验。请确保妥善管理 token 的安全性,建议设置合理的过期时间和访问权限范围。
+通过这种登录方式,可以为用户提供无需手动登录的便捷访问体验。请确保妥善管理 token 的安全性,建议设置合理的过期时间和访问权限范围。
## 忘记密码
From e67cd3453d7ad6de735662f5c4e4157441fa8604 Mon Sep 17 00:00:00 2001
From: Meggielqk <126552073+Meggielqk@users.noreply.github.com>
Date: Thu, 3 Jul 2025 10:00:17 +0800
Subject: [PATCH 5/5] Update zh_CN/dashboard/introduction.md
---
zh_CN/dashboard/introduction.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/zh_CN/dashboard/introduction.md b/zh_CN/dashboard/introduction.md
index 65787a4c2..f4430d80f 100644
--- a/zh_CN/dashboard/introduction.md
+++ b/zh_CN/dashboard/introduction.md
@@ -85,7 +85,7 @@ EMQX Dashboard 是一个 Web 应用程序,默认监听 `18083` 端口。下载
该方式支持在登录后跳转到指定页面。
-通过这种登录方式,可以为用户提供无需手动登录的便捷访问体验。请确保妥善管理 token 的安全性,建议设置合理的过期时间和访问权限范围。
+通过 URL 携带 token 的登录方式,可以为用户提供无需手动登录的便捷访问体验。请确保妥善管理 token 的安全性,建议设置合理的过期时间和访问权限范围。
## 忘记密码