Project

Profile

Help

Story #3248

Updated by daviddavis almost 7 years ago

JWT authentication was removed in #3207. We'd like to readd it eventually. This should be the epic to track that. Here are the original MVP user stories: 

 * As an API user, I can have documentation to generate a JSON Web Token (JWT) without the server being online. [done]  
 *  

 As an administrator, I can disable JWT token expiration. This configuration is in the settings file and is system-wide. [done]  
 *  

 As an administrator, I can configure the JWT tokens to expire after a configurable amount of time. This configuration is in the settings file and is system-wide. [done]  
 *  

 The JWT shall have a username identifier [done]  
 *  

 As an API user, I can authenticate any API call with Basic auth a valid username and password [done]  
 *  

 As an API user, I can authenticate any API call with a valid JWT ["3163":https://pulp.plan.io/issues/3163]  
 *  

 As a JWT authenticated user, I can refresh my JWT token if Pulp is configured with JWT_ALLOW_REFRESH set to True (default is False) ["3163":https://pulp.plan.io/issues/3163]  
 *  

 As an API user, I can invalidate all existing JWT tokens for a given user. [done]  
 *  

 As an authenticated user, when deleting a user 'foo', all of user 'foo's existing JWTs are invalidated. [done]  
 *  

 As an un-authenticated user, I can obtain a JWT token by using a username and password. [done]  

Back