Skip to content

feat(dashboard): Dashboard support token-based login #3040

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 5 commits into
base: release-5.6
Choose a base branch
from
Open

feat(dashboard): Dashboard support token-based login #3040

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
26b9692
feat(dashboard): Dashboard support token-based login
Meggielqk Jun 30, 2025
5572601
Update according to comments
Meggielqk Jul 2, 2025
8762b22
Update en_US/dashboard/introduction.md
Meggielqk Jul 2, 2025
1310d97
Combine the steps
Meggielqk Jul 2, 2025
e67cd34
Update zh_CN/dashboard/introduction.md
Meggielqk Jul 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
50 changes: 49 additions & 1 deletion en_US/dashboard/introduction.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ Support for custom plug-in integration, Extend EMQX connectivity protocols throu

In addition to debugging through online MQTT over WebSocket client connections and publishing subscriptions, we also support diagnosing and finding issues using things like slow subscriptions and online logs tracing and alarms.

## Running
## Launch Dashboard

EMQX Dashboard is a web application that listens to port `18083` by default. After installing EMQX successfully, you can access and use EMQX Dashboard by opening <http://localhost:18083/> (replace localhost with the actual IP address if deployed on a non-local machine) through your browser.

Expand All @@ -46,6 +46,54 @@ For users who have installed EMQX for the first time, you can use the default us

After logging in for the first time, the system will automatically detect that you are logging in with the default username and password, and will force you to change the default password, which is good for the security of accessing Dashboard, note that the changed password cannot be the same as the original password, and it is not recommended to use `public` as the login password again.

### Token-Based Login via URL

Starting from EMQX 5.6.0, the Dashboard supports a token-based login method that allows users to log in directly by embedding authentication information in the URL.

This feature is particularly useful for seamless redirection and integration scenarios where a user should be logged in automatically without entering credentials manually.

#### How To Use This Login Method

1. Call the `/login` API to obtain the login token and related information.

2. Manually add the username used during login (not included in the `/login` response).

3. Combine the data into a JSON structure:

```json
{
"license": {
"edition": "ee"
},
"role": "administrator",
"token": "xxx.jwt.token",
"version": "5.5.0-g0fef19f8",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this update is for version 5.6, may be we should set version 5.6.1 here?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, but why not 5.6.0?

"username": "admin"
}
```

4. Convert the JSON string to Base64.

5. Embed the encoded string in the `login_meta` query parameter of the Dashboard URL.

#### Example URL

For versions **before 5.6.0**:

```bash
http://localhost:18083?login_meta=BASE64_ENCODED_STRING
```

Redirects to the default cluster overview page.

For **version 5.6.0 and later**, you can also specify a target page:

```bash
http://localhost:18083/#/dashboard/overview?login_meta=BASE64_ENCODED_STRING
```

This method provides a smooth, pre-authenticated user experience for accessing the EMQX Dashboard. Make sure to handle the token securely and ensure it has appropriate expiration and scope limits.

## Reset password

You can reset your Dashboard login password via the `admins` command. For details, see [CLI - admins](../admin/cli.md#admins).
Expand Down
50 changes: 50 additions & 0 deletions zh_CN/dashboard/introduction.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,56 @@ EMQX Dashboard 是一个 Web 应用程序,默认监听 `18083` 端口。下载

首次登录后,系统会自动检测到您正在使用默认用户名和密码登录,并会强制要求修改默认密码,这有利于访问 Dashboard 的安全性提升,注意修改的密码不能与原密码相同,且不建议再次使用 `public` 做为登录密码。

### 通过 URL Token 登录 Dashboard

从 EMQX 5.6.0 开始,Dashboard 支持通过在 URL 中携带登录信息的方式进行免登录访问。

此功能适用于需要无缝跳转或集成场景,可在无需用户手动输入凭据的情况下,自动登录 Dashboard。

#### 使用方法

使用此登录方式的步骤如下:

1. 调用 `/login` 接口,获取登录返回的 token 及相关信息。

2. 手动添加登录时使用的用户名(该字段不包含在接口返回中)。

3. 将数据整理成如下 JSON 结构:

```json
{
"license": {
"edition": "ee"
},
"role": "administrator",
"token": "xxx.jwt.token",
"version": "5.5.0-g0fef19f8",
"username": "admin"
}
```

4. 将 JSON 字符串进行 Base64 编码。

5. 将编码后的字符串通过 `login_meta` 参数附加到 Dashboard 的访问 URL 中。

#### 示例 URL

**5.6.0 以下版本**:

```bash
http://localhost:18083?login_meta=BASE64_ENCODED_STRING
```

将默认跳转至集群总览页面。

**5.6.0 及以上版本**,可指定跳转页面:

```bash
http://localhost:18083/#/dashboard/overview?login_meta=BASE64_ENCODED_STRING
```

通过该方式,可以为用户提供无需手动登录的便捷访问体验。请确保妥善管理 token 的安全性,建议设置合理的过期时间和访问权限范围。

## 忘记密码

如果您忘记了 Dashboard 登录密码,可以通过 CLI 的 `admins` 命令进行重置,详情请参考 [命令行 - admins](../admin/cli.md#admins):
Expand Down