Feature #8852

add token-based authentication feature for API

Added by Joseph Magen about 7 years ago. Updated over 3 years ago.

Status: New
Priority: Normal
Assignee: -
Category: API
Target version: -
Difficulty:
Triaged: No
Bugzilla link:
Fixed in Releases:
Found in Releases:

Related issues

Related to Hammer CLI - Feature #8888: hammer auth should support token based authentication (Closed)
Related to Foreman - Feature #1301: Consider adding a per-user API key (Closed)
Related to Hammer CLI - Feature #8923: Ability to use Negotiate/Kerberos authentication to API and hammer (Ready For Testing)

History

#1 Updated by Dominic Cleal about 7 years ago

Of what sort? We have OAuth support (#1576), session support and #1301 suggests per-user support too, which'd be good. Not to mention SSO type auth too...

It'd be nice not to add yet more types of authentication unless necessary; each one has introduced new security flaws.

#2 Updated by The Foreman Bot about 7 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/2052 added
  • Pull request deleted ()

#3 Updated by Joseph Magen about 7 years ago

The idea is the same as features #1301 and #8016. The background is authenticating once with user/pass to get a token (which by default lasts for 2 hours) to make future api/calls rather than sending user/pass on every API call in the header.

#4 Updated by Tomáš Strachota about 7 years ago

  • Related to Feature #8888: hammer auth should support token based authentication added

#5 Updated by Dominic Cleal about 7 years ago

  • Related to Feature #1301: Consider adding a per-user API key added

#6 Updated by Jan Pazdziora about 7 years ago

Dominic Cleal wrote:

We have OAuth support (#1576), session support ...

How is session support related to this bearer token support? Is it the same?

#7 Updated by Jan Pazdziora about 7 years ago

  • Related to Feature #8923: Ability to use Negotiate/Kerberos authentication to API and hammer added

#8 Updated by Dominic Cleal about 7 years ago

Jan Pazdziora wrote:

Dominic Cleal wrote:

We have OAuth support (#1576), session support ...

How is session support related to this bearer token support? Is it the same?

A user who has authed via the usual login page will have a Rails session and cookie, which works to auth against the API. Katello (an Angular app I believe) relies on this as the client-side JavaScript queries the API using the active session.

#9 Updated by Joseph Magen almost 6 years ago

  • Status changed from Ready For Testing to New
  • Assignee deleted (Joseph Magen)

Switched status back to New. Simon, can you take a look at this?

#10 Updated by Tomer Brisker over 3 years ago

  • Target version deleted (1.7.2)
