Pulp

JWT authentication was removed in #3207. We'd like to re-add it eventually. This should be the epic to track that.

Here are the original MVP user stories:

• As an API user, I can have documentation to generate a JSON Web Token (JWT) without the server being online. [done]
• As an administrator, I can disable JWT token expiration. This configuration is in the settings file and is system-wide. [done]
• As an administrator, I can configure the JWT tokens to expire after a configurable amount of time. This configuration is in the settings file and is system-wide. [done]
• The JWT shall have a username identifier [done]
• As an API user, I can authenticate any API call with Basic auth a valid username and password [done]
• As an API user, I can authenticate any API call with a valid JWT [3163]
• As a JWT authenticated user, I can refresh my JWT token if Pulp is configured with JWT_ALLOW_REFRESH set to True (default is False) [3163]
• As an API user, I can invalidate all existing JWT tokens for a given user. [done]
• As an authenticated user, when deleting a user 'foo', all of user 'foo's existing JWTs are invalidated. [done]
• As an un-authenticated user, I can obtain a JWT token by using a username and password. [done]