Feature #17487
Allow sessions for API calls
| Status: | Closed | ||
|---|---|---|---|
| Priority: | Normal | ||
| Assigned To: |  Tomáš Strachota | ||
| Category: | API | ||
| Target version: | Team Marek Iteration 7 | ||
| Difficulty: | Bugzilla link: | ||
| Found in release: | Pull request: | https://github.com/theforeman/foreman/pull/4045 | |
| Story points | - | ||
| Velocity based estimate | - | ||
| Release | 1.14.0 | Release relationship | Auto |
Description
Authenticated API calls should allow creating sessions to avoid sending credentials with every request.
Related issues
Associated revisions
Fixes #17487 - support sessions for api calls
- authenticated api calls save user to session and set
flag api_authenticated_session
- sessions with such flag allow posting requests without CSRF token
- api sessions exipre the same way as UI sessions
- api sessions don't store any additional data to keep the requests
stateless
This way the standard UI requests as well as API requests authenticated
with session created from UI remain protected against CSRF. At the same
time applications using API (such as hammer) can benefit from using
session authentication and avoid the need of storing two tokens
(CSRF and _session_id).
History
#1
Updated by Tomáš Strachota 10 months ago
- Related to Feature #8016: Ability to use tokenized authentication to hammer in lieu of username/password in configuration file. added
#2
Updated by The Foreman Bot 10 months ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/4045 added
#3
Updated by Marek Hulán 10 months ago
- Target version changed from Team Marek Iteration 6 to Team Marek Iteration 7
#4 Updated by Anonymous 10 months ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 9a4ed000ff126d4a7cafa9737c1649a9a3535cd7.
#5
Updated by Dominic Cleal 10 months ago
- Release set to 1.14.0