lex87
30 December 2025 at 11:04
Hi everyone, I assume this is the feature we have all been missing. Paperless Mobile for Android now natively supports the API key authentication required for SSO and OIDC. See the screenshot in the GitHub post.
development ← edmogeor:login-improvements
open 03:16PM - 28 Dec 25 UTC
## Summary
This PR adds:
- **API Key Authentication** - Alternative to username/password login
- **Two-Factor Authentication (2FA)** - TOTP support for login
- **Bug Fix** - Allow switching between authentication methods for the same account
## Motivation
Many users deploy Paperless-ngx behind external authentication providers (Authelia, Authentik, etc.). These setups protect API routes at the proxy level, making traditional username/password authentication difficult for mobile apps.
API key authentication provides an easy way for these users to authenticate without implementing complex OpenID Connect flows. Users can generate an API key from Paperless-ngx and use it in the mobile app while keeping their external auth setup for web access.
Whilst implementing API key auth - I wanted to implement 2FA under the same pull request as improvements to auth/login.
## Features
### API Key Authentication
- Login with Paperless API keys instead of username/password
- Automatic username retrieval from server
- Secure input field with visibility toggle
- Proper validation and error handling
### Two-Factor Authentication (2FA)
- TOTP code support for username/password login
- Dialog-based UI for entering codes
- Handles invalid/expired codes gracefully
### Bug Fix: Switch Between Authentication Methods
- Previously, switching auth methods for the same account threw "user already exists" error
- Now updates credentials seamlessly while preserving user settings and data
## Key Changes
**Authentication Logic** (`lib/features/login/cubit/authentication_cubit.dart`)
- Added API key authentication flow with automatic username retrieval
- Added 2FA/TOTP support
- Modified `_addUser()` to update existing credentials instead of throwing error
**API** (`packages/paperless_api/`)
- Added `validateApiKey()` method
- Added `totpCode` parameter to `login()` method
- New error codes: `invalidApiKey`, `invalidTotp`
**UI Components**
- New `api_key_form_field.dart` - API key input
- New `totp_dialog.dart` - 2FA code entry dialog
- Updated `add_account_page.dart` - Authentication method toggle
- Updated `user_credentials_form_field.dart` - Support for both auth methods
**Data Models**
- Added `isApiKeyAuth` flag to `UserCredentials`
- Added `apiKey` and `totpCode` fields to `LoginFormCredentials`
**Other**
- Added localization strings for new features
- API keys stored in encrypted Hive storage
## Testing
Tested on Android emulator (API 34):
- ✅ Username/password login (with and without 2FA)
- ✅ API key login
- ✅ Switching between auth methods for same account
- ✅ Error handling for invalid credentials
- ✅ Credentials persistence and settings preservation
## Notes
**Security:** API keys stored in encrypted Hive storage, TOTP codes never stored
## Screenshots
<img width="360" height="800" alt="Screenshot_1766934790" src="https://github.com/user-attachments/assets/8483a222-ec58-431d-af43-cc05d04d9249" />
<br>
<img width="360" height="800" alt="Screenshot_1766932070" src="https://github.com/user-attachments/assets/c390d9bd-8832-4480-a784-47049c1cb2e2" />
<br>
<img width="360" height="800" alt="Screenshot_1766932054" src="https://github.com/user-attachments/assets/a38f1b48-a99d-466f-bb05-088f6198f60a" />