Generating application tokens in Turris OS 3.11

In 3.11, we pushed into distribution some of the redesigns and improvements in the Foris web interface that were made originally with Turris OS 4.0 and Turris MOX in mind. We wanted to make at least part of the redesign available to you, our current users upfront so you can enjoy early on what will come with Turris MOX. Part of the things we are working is redesign of our Android app. You can read more about that in our blog post and give us feedback what would you like to see in it. Unfortunately because of that we are currently without a possibility to easily generate new tokens for our existing apps in Foris. But don’t worry, the app should work with the previously generated tokens as before. We also have a command line based solution for generating new tokens.

How to generate a new token for old apps

  • In Updater tab, which is in Foris check Access Tokens, save it.
  • SSH to your router and type in terminal:
/usr/share/nuci/tls/new_client  clientname
  • Copy the key from folder /usr/share/nuci/tls/clients to random but accessible location
cp /usr/share/nuci/tls/clients/clientname.token \
  • Update feeds and install package qrencode
opkg update && opkg install qrencode
  • Generate QRcode to scan
qrencode "turris://$(ubus call network.interface.lan status | sed -n 's|.*"address": "\([0-9.]*\)".*|\1|p')/luci-static/my_secret_url.token?scheme=http&hostname=$HOSTNAME&board_name=turris" -o /www/luci-static/my_secret_url.svg
  • Open the QRcode in your browser. Change the IP address of your router, if you change it. By default, it is

Scan it with Turris app and you should be connected to the same network, where is the router.

Once it is done you need to delete files you have created

rm /www/luci-static/my_secret_url*

according to this

the QR code might be invalid , so i tried to generate that one, and it seems to work but i am stuck on endless warning about invalid ssl certificate - i have https redirect on turris.
Any suggestions ?

Edit: setting the schema to https on the token generation in the linked comment and using ip adress instead of hostname helped and i was able to connect