Feature #8852

add token-based authentication feature for API

Added by Joseph Magen almost 6 years ago. Updated over 2 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
API
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Fixed in Releases:
Found in Releases:

Related issues

Related to Hammer CLI - Feature #8888: hammer auth should support token based authentication (Closed)
Related to Foreman - Feature #1301: Consider adding a per-user API key (Closed)
Related to Hammer CLI - Feature #8923: Ability to use Negotiate/Kerberos authentication to API and hammer (New)

History

#1 Updated by Dominic Cleal almost 6 years ago

Of what sort? We have OAuth support (#1576), session support and #1301 suggests per-user support too, which'd be good. Not to mention SSO type auth too...

It'd be nice not to add yet more types of authentication unless necessary; each one has introduced new security flaws.

#2 Updated by The Foreman Bot almost 6 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/2052 added
  • Pull request deleted ()

#3 Updated by Joseph Magen almost 6 years ago

The idea is the same as features #1301 and #8016. The background is authenticating once with user/pass to get a token (which by default lasts for 2 hours) to make future api/calls rather than sending user/pass on every API call in the header.

#4 Updated by Tomáš Strachota almost 6 years ago

  • Related to Feature #8888: hammer auth should support token based authentication added

#5 Updated by Dominic Cleal almost 6 years ago

  • Related to Feature #1301: Consider adding a per-user API key added

#6 Updated by Jan Pazdziora almost 6 years ago

Dominic Cleal wrote:

We have OAuth support (#1576), session support ...

How is session support related to this bearer token support? Is it the same?

#7 Updated by Jan Pazdziora almost 6 years ago

  • Related to Feature #8923: Ability to use Negotiate/Kerberos authentication to API and hammer added

#8 Updated by Dominic Cleal almost 6 years ago

Jan Pazdziora wrote:

Dominic Cleal wrote:

We have OAuth support (#1576), session support ...

How is session support related to this bearer token support? Is it the same?

A user who has authed via the usual login page will have a Rails session and cookie, which works to auth against the API. Katello (an Angular app I believe) relies on this as the client-side JavaScript queries the API using the active session.

#9 Updated by Joseph Magen over 4 years ago

  • Status changed from Ready For Testing to New
  • Assignee deleted (Joseph Magen)

Switched status back to New. Simon, can you take a look at this?

#10 Updated by Tomer Brisker over 2 years ago

  • Target version deleted (1.7.2)
