Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support new CreateToken API/allow setting custom scope #150

Closed
NiklasRosenstein opened this issue Oct 23, 2023 · 4 comments · Fixed by #192
Closed

Support new CreateToken API/allow setting custom scope #150

NiklasRosenstein opened this issue Oct 23, 2023 · 4 comments · Fixed by #192

Comments

@NiklasRosenstein
Copy link

Is your feature request related to a problem? Please describe.

The old Create Token API that is used by ArtifactorySecurity.create_access_token() is deprecated: https://jfrog.com/help/r/jfrog-rest-apis/delete-group?tocId=2_OrHvmQlC6dtFFR8F9i3w

image

Describe the solution you'd like

Add support for or use the new Create Token API instead: https://jfrog.com/help/r/jfrog-rest-apis/create-token

image

Additional context

We ran into an issue today where all the tokens generated with pyartifactory didn't actually have any permissions. It seems the "scope" value of the deprecated API endpoint expects the format of the new endpoint (e.g. "applied-permissions/user" is what we're using now after monkey-patching pyartifactory).
@anancarv
Copy link
Owner

Thanks for pointing it out @NiklasRosenstein . I'll update that feature ASAP

@NiklasRosenstein
Copy link
Author

Thanks @anancarv !

FYI, this is how I worked around it for now:

def create_access_token(
    self: ArtifactorySecurity,
    user_name: str,
    expires_in: int = 3600,
    refreshable: bool = False,
    groups: list[str] | None = None,
) -> AccessTokenModel:
    """
    A variation of #ArtifactorySecurity.create_access_token() that passes the correct "scope".
    """

    payload = {
        "username": user_name,
        "expires_in": expires_in,
        "refreshable": refreshable,
    }
    payload.update({"scope": "applied-permissions/user"})
    response = self._post(f"api/{self._uri}/token", data=payload, raise_for_status=False)
    if response.ok:
        return AccessTokenModel(**response.json())
    raise InvalidTokenDataException(response.json().get("error_description", "Unknown error"))


ArtifactorySecurity.create_access_token = create_access_token  # type: ignore[method-assign]

That being said, JFrog did acknowledge that this as a bug in the old endpoint that was recently introduced:

image

@Ashwinmnr
Copy link

Hi @anancarv

Do we have this feature in any upcoming versions?
We would like to use pyartifactory to authenticate using identity tokens.

Cheers,
Ashwin

@anancarv anancarv mentioned this issue Sep 19, 2024
Merged
2 tasks
@anancarv
Copy link
Owner

Hi @anancarv

Do we have this feature in any upcoming versions? We would like to use pyartifactory to authenticate using identity tokens.

Cheers, Ashwin

Hey @Ashwinmnr, I've created a PR #192 to support the new create-token API.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: support new create access token API anancarv/python-artifactory
3 participants
@NiklasRosenstein @anancarv @Ashwinmnr