Story #3163
Updated by dkliban@redhat.com almost 7 years ago
The JWT refresh functionality can be enabled by setting the 'JWT_ALLOW_REFRESH' setting in settings.py to True. It defaults to False. The limit on how long tokens can be refreshed, counted from the creation time of the first token, is set using the 'JWT_REFRESH_EXPIRATION_DELTA' setting. It defaults to 7 days, requiring a user to provide a password every seven days. The server.yaml and settings.py need to be updated to include these two settings with the default values.

The REST API endpoint provided by django-rest-framework-jwt for refreshing the token (documented "here":https://getblimp.github.io/django-rest-framework-jwt/#refresh-token) does not support indefinitely refreshing tokens. Pulp needs to support allowing users to refresh unexpired tokens for an indefinite amount of time. As a result, a view for refreshing a JWT needs to be implemented. The view should be exposed at /api/v3/jwt_refresh/.

If JWT_ALLOW_REFRESH is True, a POST request with the JWT auth header returns a new JWT with a new expiration date. The response should look like the following:

<pre>
{
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNTAyMzgzMDExfQ.3ZpcclxV6hN8ui2HUbwXLJsHl2lhesiCPeDVV2GIbJg"
}
</pre>

If JWT_ALLOW_REFRESH is set to False, a POST to the endpoint should return a 401 with a message stating that the JWT refresh is not allowed.

Documentation for the "REST API":https://docs.pulpproject.org/en/3.0/nightly/integration_guide/rest_api/authentication.html#jwt-authentication needs to be updated with info on refreshing a JWT. A new Usage section needs to be added to be used by Pulp Admins. These settings need to be documented there.
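The refresh rules described in this story, modelled as an added standard-library Python example (not Pulp's or django-rest-framework-jwt's code). The secret, the 300-second token lifetime, the `JWT` header prefix, the error texts and all function names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed values for this sketch; not Pulp's real configuration.
SECRET = b"constructed-demo-secret"
JWT_ALLOW_REFRESH = True
JWT_EXPIRATION_DELTA = 300  # seconds a token stays valid (assumed value)

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(username, now):
    header = _b64(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    claims = _b64(json.dumps({"username": username, "exp": now + JWT_EXPIRATION_DELTA}).encode())
    return f"{header}.{claims}.{_sign(header + '.' + claims)}"

def verify(token, now):
    """Return the claims of a valid, unexpired HS256 token, else None."""
    try:
        header, claims, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None  # never let the token choose its own algorithm
        if not hmac.compare_digest(sig, _sign(header + "." + claims)):
            return None  # constant-time signature comparison failed
        payload = json.loads(_unb64(claims))
        return payload if payload["exp"] > now and payload["username"] else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def jwt_refresh(auth_header, now=None, allow_refresh=None):
    """Model of POST /api/v3/jwt_refresh/; returns (status, body)."""
    now = int(time.time()) if now is None else now
    allowed = JWT_ALLOW_REFRESH if allow_refresh is None else allow_refresh
    if not allowed:
        return 401, {"detail": "JWT refresh is not allowed."}
    scheme, _, token = (auth_header or "").partition(" ")
    claims = verify(token, now) if scheme == "JWT" else None
    if claims is None:
        return 401, {"detail": "Invalid or expired token."}
    # No ceiling from first issuance: any unexpired token can be renewed.
    return 200, {"token": issue(claims["username"], now)}
```

Because there is no refresh ceiling in this model, a stolen token that is still unexpired can be kept alive for as long as the holder keeps refreshing it, so the short per-token lifetime is the only bound on exposure.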