[GH-ISSUE #695] Authenticate in the app with a token? #511

New issue

Open

opened 2026-05-07 00:24:58 +02:00 by BreizhHardware · 3 comments

BreizhHardware commented 2026-05-07 00:24:58 +02:00

Owner

Copy link

Originally created by @BartG95 on GitHub (Apr 4, 2023).
Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/695

❓ Question

As of recently, ntfy gained the ability to authenticate with access tokens. Is it just me, or isn't that yet available in the Android app?

If not yet available, this issue might as well turn into a feature request.

Originally created by @BartG95 on GitHub (Apr 4, 2023). Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/695 :question: **Question** As of recently, ntfy gained the ability to authenticate with access tokens. Is it just me, or isn't that yet available in the Android app? If not yet available, this issue might as well turn into a feature request.

BreizhHardware added the

question

label 2026-05-07 00:24:58 +02:00

BreizhHardware commented 2026-05-07 00:24:58 +02:00

Author

Owner

Copy link

@binwiederhier commented on GitHub (Apr 18, 2023):

I think that's a pretty good idea. We may want to do this when we implement the user account sync stuff (#523, /cc @wunter8). My thought was to do it similarly to the web app. You log in with username/password, and then you create a token and store that locally. This way nothing would change from the user-perspective, but if your phone gets stolen your username/password is not at risk.

<!-- gh-comment-id:1513335588 --> @binwiederhier commented on GitHub (Apr 18, 2023): I think that's a pretty good idea. We may want to do this when we implement the user account sync stuff (#523, /cc @wunter8). My thought was to do it similarly to the web app. You log in with username/password, and then you create a token and store that locally. This way nothing would change from the user-perspective, but if your phone gets stolen your username/password is not at risk.

BreizhHardware commented 2026-05-07 00:24:59 +02:00

Author

Owner

Copy link

@killermouse0 commented on GitHub (Nov 19, 2023):

I would also love it if it was possible to provide an Oauth Personal Access Token, because my self-hosted NTFY instance is behind an authenticating proxy (Zitadel). Might be too much of a niche request, but I'm just putting it here to gauge interest from others!

<!-- gh-comment-id:1817915206 --> @killermouse0 commented on GitHub (Nov 19, 2023): I would also love it if it was possible to provide an Oauth Personal Access Token, because my self-hosted NTFY instance is behind an authenticating proxy (Zitadel). Might be too much of a niche request, but I'm just putting it here to gauge interest from others!

BreizhHardware commented 2026-05-07 00:24:59 +02:00

Author

Owner

Copy link

@brevilo commented on GitHub (Jan 30, 2024):

I think that's a pretty good idea. We may want to do this when we implement the user account sync stuff (#523, /cc @wunter8).

This sounds like this could take some time. Please correct me if I'm wrong but it seems like the low-hanging fruit could be to just disable the input validation on the user name field and accept an empty one, no? The token doc reads:

Alternatively, you can use Basic Auth to send the access token. When sending an empty username, the basic auth password is treated by the ntfy server as an access token.

Sure, things can be still be optimized down the road but this looks like a simple enough change to enable token support in the app relatively quickly, further protecting original account credentials.

Thanks!

<!-- gh-comment-id:1915811895 --> @brevilo commented on GitHub (Jan 30, 2024): > I think that's a pretty good idea. We may want to do this when we implement the user account sync stuff (#523, /cc @wunter8). This sounds like this could take some time. Please correct me if I'm wrong but it seems like the low-hanging fruit could be to just disable the [input validation](https://github.com/binwiederhier/ntfy-android/commit/43757eb7b5be2b0a55f4a59c497dcd6dfc39494c#diff-801c4a80b2064174f4d9a2b6c33f0f6be9fdbedc7f59509f137f8dc33762d177R112) on the user name field and accept an empty one, no? The [token doc](https://docs.ntfy.sh/publish/#access-tokens) reads: > Alternatively, you can use [Basic Auth](https://en.wikipedia.org/wiki/Basic_access_authentication) to send the access token. When sending an empty username, the basic auth password is treated by the ntfy server as an access token. Sure, things can be still be optimized down the road but this looks like a simple enough change to enable token support in the app relatively quickly, further protecting original account credentials. Thanks!

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dependabot/npm_and_yarn/web/fast-uri-3.1.2

email-verification

attachment-no-http2

attachment-fixes

attachment-s3

config-generator

postgres-replica

dockers-v2

postgres-support

postgres-webpush+user+message

postgres-webpush+user

postgres-webpush

1364-copy-action

crashfix

user-header

scalar-api-docs

cancel-scheduled

update-available

windows-server

303-update-notifications

postgres

admin-ui

require-login

http-clipboard

message-cache-lock

debian-stripe

predefined-users

busy-timeout

template-dir

ipv6

client-ip-header

apns-fix

feat_optional_require_login

security-updates

pg-message-cache

templating-disallow

templating-3

templating-2

message-size-limit+delay-limit

remove-rate-topics

html-emails

cf-priority

acl-underscores

auth-user-header

markdown

img-attach

web-improvements

utf8-headers

matrix-507-reject

http-response-writer

new-homepage-design

e2e

canary

windows

electron

update-messages

webhook-templating

v2.22.0

v2.21.0

v2.20.1

v2.20.0

v2.19.2

v2.19.1

v2.19.0

v2.18.0

v2.17.0

v2.16.0

v2.15.0

v2.14.0

v2.13.0

v2.12.0

v2.11.0

v2.10.0

v2.9.0

v2.8.0

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.0

v2.1.2

v2.1.1

v2.1.0

v2.0.1

v2.0.0

v1.31.0

v1.30.1

v1.29.1

v1.29.0

v1.28.0

v1.27.2

v1.27.1

v1.26.0

v1.25.2

v1.25.1

v1.25.0

v1.24.0

v1.23.0

v1.22.0

v1.21.2

v1.21.1

v1.21.0

v1.20.0

v1.19.0

v1.18.1

v1.18.0

v1.17.1

v1.17.0

v1.16.0

v1.15.0

v1.14.1

v1.14.0

v1.13.0

v1.12.1

v1.12.0

v1.11.1

v1.11.2

v1.11.0

v1.10.0

v1.9.0

v1.8.0

v1.7.0

v1.6.1

v1.6.0

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.8

v1.4.7

v1.4.6

v1.4.5

v1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.3.2

v1.3.3

v1.3.1

v1.3.0

v1.2.5

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.0

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.1

Labels

Clear labels   

ai-generated

  

android-app

  

android-app

  

android-app

  

🪲 bug

  

build

  

build

  

dependencies

  

docs

  

enhancement

  

enhancement

  

🔥 HOT

  

in-progress 🏃

  

ios

  

prio:low

  

prio:low

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

🔒 security

  

server

  

server

  

unified-push

  

web-app

  

website

No labels

ai-generated

android-app

android-app

android-app

🪲 bug

build

build

dependencies

docs

enhancement

enhancement

🔥 HOT

in-progress 🏃

ios

prio:low

prio:low

pull-request

question

🔒 security

server

server

unified-push

web-app

website

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/ntfy#511

No description provided.