[MGNLREST-225] API token Created: 10/Feb/20  Updated: 23/Oct/23  Resolved: 19/Jan/22

Status: Closed
Project: Magnolia REST Framework
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Story Priority: Neutral
Reporter: Christopher Zimmermann Assignee: Unassigned
Resolution: Duplicate Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
duplicate
duplicates MGNLREST-71 Rest authentication with API Tokens o... Accepted
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Date of First Response:
Epic Link: Headless Phase 2

 Description   

As a Developer, I can create API token which will then be used by external software to access the REST endpoints (Delivery, nodes, properties, GraphQL).

(API Key, Access Token)

Capabilities:

  • An API token can control which endpoints can be accessed.
  • A GUI to manage tokens: Create, List and Revoke
  • User or Administrator can deactivate a token, then no REST requests using it will work.
  • The current user based authentication continues to work. If a request is made with no token, then the current security practices apply.

 

Notes:

Behind the scenes, keys might be implemented via standard magnolia security concepts. We should implement the API token concept because it is an established best practice in web world for API's.



 Comments   
Comment by Mikaël Geljić [ 19/Jan/22 ]

Closing in favor of the CLOUD-141 epic to clean things up, same stories are captured there; and we may then move/clone the epic to generalize to Core usage. We've had MGNLREST-71 for a long while too, which is linked to support.

Generated at Mon Feb 12 06:57:51 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.