Feature #14196
closed
[API] issues v2 format auth tokens
Updated by Tom Morris about 6 years ago
- Target version changed from To Be Groomed to Arvados Future Sprints
Updated by Tom Morris about 6 years ago
- Target version changed from Arvados Future Sprints to 2018-10-03 Sprint
Updated by Lucas Di Pentima about 6 years ago
- Assigned To set to Lucas Di Pentima
Updated by Peter Amstutz about 6 years ago
- Assigned To changed from Lucas Di Pentima to Peter Amstutz
Updated by Peter Amstutz about 6 years ago
14196-api-v2-tokens @ 4503336797b79519f8c480af39fb72538191038a
Return v2 token in login process. Support v2 "reader" tokens. API server tests now use v2 tokens.
https://ci.curoverse.com/view/Developer/job/developer-run-tests/912/
Updated by Peter Amstutz about 6 years ago
- Status changed from New to In Progress
Updated by Peter Amstutz about 6 years ago
14196-api-v2-tokens @ 269aba16336d6e9dcf80239465cfcfb9a841a4a9
Don't crash on expected elements in params[:reader_tokens]
https://ci.curoverse.com/view/Developer/job/developer-run-tests/915/
Updated by Tom Clegg about 6 years ago
Did you check whether the JS code in multi-site search does the right thing with this? I didn't look too closely but it seems like tokenUUID() in session_db.js might need to extract the UUID from the token instead of doing an API call with an api_token=X filter...?
Other than that, LGTM, thanks
Updated by Peter Amstutz about 6 years ago
- Target version changed from 2018-10-03 Sprint to 2018-10-17 sprint
Updated by Peter Amstutz about 6 years ago
Tom Clegg wrote:
Did you check whether the JS code in multi-site search does the right thing with this? I didn't look too closely but it seems like tokenUUID() in session_db.js might need to extract the UUID from the token instead of doing an API call with an api_token=X filter...?
Thanks, I hadn't thought of the token handling in multi-site search.
Which solution do you prefer?
- Detect v2 tokens and parse for uuid, otherwise use the existing code path
- Change it to use /arvados/v1/api_client_authorizations/current
- Support v2 tokens only, get rid of the AJAX request
Updated by Tom Clegg about 6 years ago
Peter Amstutz wrote:
- Detect v2 tokens and parse for uuid, otherwise use the existing code path
This, please. (After this merges, people will still be using v1 tokens until they log out/in, so we shouldn't stop supporting them unless we force that to happen. And the API round trip is unnecessary with a v2 token so skipping it seems better than making it work.)
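The option chosen above (detect v2 tokens and parse for the UUID, otherwise use the existing code path), as an added example that is not the code in session_db.js or from the Arvados project. It assumes the v2 layout `v2/<uuid>/<secret>`; `parseV2TokenUUID` and the `lookupV1` callback, which stands in for the existing API call, are hypothetical names.

```javascript
// Added example: hypothetical helpers, not the project's session_db.js.
// Assumed v2 layout: "v2/<uuid>/<secret>" where the uuid is a 5-character
// cluster id, the "gj3su" type infix and a 15-character suffix
// (an assumption; the format is not spelled out on this page).
const V2_UUID = /^[a-z0-9]{5}-gj3su-[a-z0-9]{15}$/;

// Returns the UUID embedded in a v2 token, or null for anything else.
function parseV2TokenUUID(token) {
  if (typeof token !== 'string') return null;
  const parts = token.split('/');
  // Need the "v2" tag, a uuid and a non-empty secret.
  if (parts.length < 3 || parts[0] !== 'v2' || parts[2] === '') return null;
  return V2_UUID.test(parts[1]) ? parts[1] : null;
}

// Resolves to the token's UUID. A v2 token is answered locally, so its
// secret is never sent anywhere just to learn the UUID. Any other token
// goes to lookupV1, the caller's existing round trip to the API server.
function tokenUUID(token, lookupV1) {
  const uuid = parseV2TokenUUID(token);
  if (uuid !== null) return Promise.resolve(uuid);
  // Design choice of this example: something that claims to be v2 but
  // does not parse is rejected instead of being passed to the v1 lookup.
  if (typeof token === 'string' && token.startsWith('v2/')) {
    return Promise.reject(new Error('malformed v2 token'));
  }
  return lookupV1(token);
}

// Constructed sample token (not a real credential).
const sampleV2 = 'v2/zzzzz-gj3su-0123456789abcde/constructedsecret';
tokenUUID(sampleV2, () => { throw new Error('unexpected lookup'); })
  .then((uuid) => console.log(uuid));
```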
Updated by Peter Amstutz about 6 years ago
14196-api-v2-tokens @ d3973d7df59bffccb012eaff0bf1c11a23fb5a06
- Fixed session_db to handle v2 tokens
- Updated workbench test suite uses v2 tokens
https://ci.curoverse.com/view/Developer/job/developer-run-tests/923/
Updated by Tom Clegg about 6 years ago
Why is this?
- response.headers['Access-Control-Max-Age'] = '86486400'
+ #response.headers['Access-Control-Max-Age'] = '86486400'
+ response.headers['Access-Control-Max-Age'] = '1'
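Review bot: the new Access-Control-Max-Age value of '1', with the original '86486400' line left commented out directly above it, looks like a debugging leftover. Access-Control-Max-Age is the number of seconds a browser may cache the CORS preflight result, so '1' makes browsers repeat the preflight OPTIONS request for almost every cross-origin call. Restore the original value, or if the short lifetime is intended, delete the commented-out line and add a comment giving the reason.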
Rest LGTM
Updated by Peter Amstutz about 6 years ago
- Status changed from In Progress to Resolved