shellhub icon indicating copy to clipboard operation
shellhub copied to clipboard
verified publisher icon shellhub-io

Support for API token

Open gustavosbarreto opened this issue 4 years ago • 4 comments

ShellHub API provides highly privileged access with no ability to manage the possible negative impact. It would be much better if we could support scoped-tokens instead of full access to all resources.

What needs to be done?

  • Web UI: A dialog to create API tokens (Settings Page)
  • Web UI : A list view to list all namespace's API tokens
  • API: A new API route to issue a token
  • API: A new API route to list tokens

The generated token must contain following information:

  • tenant_id (namespace's tenant_id)
  • read_only (default: true)

Each token should be embedded into namespace document.

gustavosbarreto avatar Feb 12 '21 14:02 gustavosbarreto

Hi, is there any news on this ? I am currently integrating shellhub in my process and I would need to use API Keys instead of relying on JWT tokens which are only valid for a day.

Seluj78 avatar Jan 29 '24 10:01 Seluj78

I can see that the PR #724 added support for that but was never merged

Seluj78 avatar Jan 29 '24 10:01 Seluj78

@Seluj78

The PR #724 did attempt to add support for this, but it was discontinued due to some technical considerations.

We are prototyping the user interface for this feature and you can preview the UI here: https://www.figma.com/file/z0OplSCyaEAUMu8qZXRobX/Personal-Access-Token?type=design&node-id=0-1&mode=design

gustavosbarreto avatar Jan 29 '24 13:01 gustavosbarreto

That's great ! When do you think this could be implemented? In the mean time I am implementing my own solution using JWT tokens

Seluj78 avatar Jan 29 '24 13:01 Seluj78

Support to API Key/Token was added in this PR and will be released on 0.15

henrybarreto avatar Apr 17 '24 12:04 henrybarreto