Project

Profile

Help

Story #3163

closed

As a user, I can refresh an unexpired JWT.

Added by dkliban@redhat.com almost 7 years ago. Updated over 4 years ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
Yes
Tags:
Sprint:
Quarter:

Description

django-rest-framework-jwt provides a 'JWT_ALLOW_REFRESH' setting in settings.py. It defaults to False. The server.yaml and settings.py need to be updated to include this setting with the default value.

The REST API endpoint provided by django-rest-framework-jwt for refreshing the token does not support indefinitely refreshing tokens. Pulp needs to support allowing users to refresh unexpired tokens for an indefinite amount of time. As a result, a view for refreshing a JWT needs to be implemented. The view should be exposed at /api/v3/jwt_refresh/. If JWT_ALLOW_REFRESH is True, a POST request with the JWT auth header returns a new JWT with a new expiration date. The response should look like the following:

{
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNTAyMzgzMDExfQ.3ZpcclxV6hN8ui2HUbwXLJsHl2lhesiCPeDVV2GIbJg"
}

If JWT_ALLOW_REFRESH is set to False, a POST to the endpoint should return a 401 with a message stating the the JWT refresh is not allowed.

Documentation for the REST API needs to be updated with info on refreshing a JWT.

A new Usage section needs to be added to be used by Pulp Admins. These settings need to be documented there.


Related issues

Related to Pulp - Issue #3164: Requesting a JWT token doesn't support basic authCLOSED - WONTFIXActions

Also available in: Atom PDF