Project

Profile

Help

Story #2359

closed

As a user, I can use JWT tokens for authenticaton

Added by ttereshc about 8 years ago. Updated almost 5 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
Yes
Sprint Candidate:
Yes
Tags:
Sprint:
Sprint 26
Quarter:

Description

Use djangorestframework-jwt to implement JWT support.

One should be able to:

  • acquire a JWT after some other initial authentication (e.g. basic auth)
  • use JWT for further authentication
  • invalidate JWT
  • by request
  • on user logout
  • on user delete
  • when password-like credentials used in the initial authentication were changed
  • configure expiration time for the JWT token (the default value - 1 week? 3 weeks?)

More explanations about use of JWT in Pulp could be found in pulp-dev list

One of the possible solutions for invalidating such tokens as JWT would be checking some timestamps on each request.
Even though Pulp does not expect tons of request per second it still looks a bit expensive to me to call db on every request, iiuc. Just a thought to keep in mind.


Related issues

Related to Pulp - Task #2090: Create a plan for user/auth in 3.0CLOSED - CURRENTRELEASEttereshc

Actions
Has duplicate Pulp - Story #2367: As a user, I can configure the expiration period for JWT tokensCLOSED - DUPLICATE

Actions
Blocked by Pulp - Story #2358: As a user, I can authenticate with username and password stored in PulpCLOSED - CURRENTRELEASEdkliban@redhat.com

Actions

Also available in: Atom PDF