Story #3248
Updated by daviddavis over 6 years ago
JWT authentication was removed in #3207. We'd like to readd it eventually. This should be the epic to track that. Here are the original MVP user stories: * As an API user, I can have documentation to generate a JSON Web Token (JWT) without the server being online. [done] * As an administrator, I can disable JWT token expiration. This configuration is in the settings file and is system-wide. [done] * As an administrator, I can configure the JWT tokens to expire after a configurable amount of time. This configuration is in the settings file and is system-wide. [done] * The JWT shall have a username identifier [done] * As an API user, I can authenticate any API call with Basic auth a valid username and password [done] * As an API user, I can authenticate any API call with a valid JWT ["3163":https://pulp.plan.io/issues/3163] * As a JWT authenticated user, I can refresh my JWT token if Pulp is configured with JWT_ALLOW_REFRESH set to True (default is False) ["3163":https://pulp.plan.io/issues/3163] * As an API user, I can invalidate all existing JWT tokens for a given user. [done] * As an authenticated user, when deleting a user 'foo', all of user 'foo's existing JWTs are invalidated. [done] * As an un-authenticated user, I can obtain a JWT token by using a username and password. [done]
.