
Ability to generate API access tokens

Open zhiltsov-max opened this issue 2 years ago • 9 comments

Current Behaviour

Currently, the only possible way to auth a user is to pass credentials to the server. Password typing can be a potential security problem; passwords also need to be passed into other tools if they are going to use the API or SDK. Having only password auth can also weaken account security.

This will allow authenticating in API clients when there is no basic auth available (e.g., when SSO is used for login).

Possible Solution

  • Implement the ability to generate API access tokens
    • [Optional] with ability to control lifetime
    • [Optional] with ability to revoke created tokens
    • [Optional] with ability to control access rights for each token
  • [Optional] Implement sessions management with options to list and end open sessions
  • [Optional] Implement a list of last logins for the user
  • [Optional] Add a list of authorized SSH keys allowed to access API
  • [Optional] Allow enabling or disabling basic auth via SDK/CLI on the server

Examples: GitHub Personal Access Tokens (PAT)

  • https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token
  • https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token


zhiltsov-max avatar Sep 16 '22 10:09 zhiltsov-max
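
A sketch of the token lifecycle proposed above (issue, lifetime, revocation, per-token access rights), added here as an illustration; it is not CVAT code and not part of the original issue. The class names, the `id.secret` token format and the in-memory store are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

@dataclass
class TokenRecord:  # hypothetical schema, one row per issued token
    owner: str
    digest: str  # SHA-256 of the secret; the secret itself is never stored
    scopes: frozenset  # access rights granted to this token
    expires_at: Optional[float]  # None means the token has no lifetime limit
    revoked: bool = False

class TokenStore:
    """In-memory stand-in for a database table of issued tokens (assumption)."""
    def __init__(self, clock=time.time):
        self._records = {}  # token id -> TokenRecord
        self._clock = clock

    def issue(self, owner, scopes, lifetime_s=None):
        token_id = secrets.token_hex(8)     # public lookup key
        secret = secrets.token_urlsafe(32)  # 256 random bits, so a fast hash suffices
        expires = None if lifetime_s is None else self._clock() + lifetime_s
        digest = hashlib.sha256(secret.encode()).hexdigest()
        self._records[token_id] = TokenRecord(owner, digest, frozenset(scopes), expires)
        return f"{token_id}.{secret}"  # shown to the user once, never retrievable again

    def revoke(self, token_id):
        rec = self._records.get(token_id)
        if rec is not None:
            rec.revoked = True
        return rec is not None

    def authenticate(self, presented, required_scope):
        """Return the owner if the token is valid for required_scope, else None."""
        token_id, sep, secret = presented.partition(".")
        rec = self._records.get(token_id)
        if not sep or rec is None:
            return None
        digest = hashlib.sha256(secret.encode()).hexdigest()
        if not hmac.compare_digest(digest, rec.digest):  # constant-time comparison
            return None
        expired = rec.expires_at is not None and self._clock() >= rec.expires_at
        if rec.revoked or expired or required_scope not in rec.scopes:
            return None
        return rec.owner
```

Because only the digest is stored, a leaked token table does not yield usable tokens, and revocation or expiry takes effect on the next request without touching the user's password.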

@nmanovic Hey, is this feature implemented in the CVAT backend? If not, can I work on it? It seems pretty interesting to me.

priyanshu-kun avatar May 09 '24 06:05 priyanshu-kun

@priyanshu-kun , sure, you can. We had very good proposals for GSoC 2024 for the feature.

@ritikraj26, @umangapatel123, would you mind sharing your proposals? If you can help us contribute the feature, the CVAT community will be happy.

nmanovic avatar May 09 '24 06:05 nmanovic

@nmanovic Sure, I will share my proposal. I am also very much interested in implementing this feature.

umangapatel123 avatar May 09 '24 08:05 umangapatel123

@nmanovic, is this feature a GSoC 2024 project? Have you selected a contributor for it? I didn't see this project on the chosen project list on the GSoC'24 CVAT page.

priyanshu-kun avatar May 09 '24 08:05 priyanshu-kun

@priyanshu-kun It was a GSoC 2024 Proposed project but due to the project limit for the organization in GSoC, this project was dropped.

umangapatel123 avatar May 09 '24 08:05 umangapatel123

@umangapatel123 Ohh, wanna collaborate with me to work upon this issue?

priyanshu-kun avatar May 09 '24 08:05 priyanshu-kun

@priyanshu-kun Sure, I am more than happy to do that

umangapatel123 avatar May 09 '24 08:05 umangapatel123

Fine, as soon as I get the free time I'll create a proposal; we will discuss that afterward. @umangapatel123

priyanshu-kun avatar May 09 '24 08:05 priyanshu-kun

Sure, I would be happy to help!

ritikraj26 avatar May 10 '24 06:05 ritikraj26