Comment 1 for bug 771132

This is actually by design, but could use documentation or improvement.

See comment from sleepsonthefloor on the question:

"The flag vnc_debug is for protocol debugging. It bypasses authentication, and allows you to specify the vnc host and port in the url, thereby allowing you to connect to vnc consoles without asking for a token.

The vnc host and port is considered private, which is why the api doesn't return that information. Perhaps if the vnc_debug flag is set, we could embed the proper host/port info in the url so that it works by default."