Feature #8852
open
Of what sort? We have OAuth support (#1576), session support and #1301 suggests per-user support too, which'd be good. Not to mention SSO type auth too...
It'd be nice not to add yet more types of authentication unless necessary, each one has introduced new security flaws.
- Status changed from Assigned to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/2052 added
- Pull request deleted (
The idea is the same as features #1301 and #8016. The background is authenticating once with user/pass to get a token (which by default lasts for 2 hours) to make future api/calls rather sending user/pass on every API call in the header.
- Related to Feature #8888: hammer auth should support token based authentication added
- Related to Feature #1301: Consider adding a per-user API key added
Dominic Cleal wrote:
We have OAuth support (#1576), session support ...
How is session support related to this bearer token support? Is it the same?
- Related to Feature #8923: Ability to use Negotiate/Kerberos authentication to API and hammer added
Jan Pazdziora wrote:
Dominic Cleal wrote:
We have OAuth support (#1576), session support ...
How is session support related to this bearer token support? Is it the same?
A user who has authed via the usual login page will have a Rails session and cookie, which works to auth against the API. Katello (an Angular app I believe) relies on this as the client-side JavaScript queries the API using the active session.
- Status changed from Ready For Testing to New
- Assignee deleted (
Joseph Magen)
Switched status back to New. Simon, can you take a look at this?
- Target version deleted (
1.7.2)
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by