Built-in “token” service

The token service is intended for issuing a token to an authenticated user for its further use in token authentication services.

Available at <server address>/test/token.

The service does not require registration in deploy.json. The service provides the issuance of a token for an authorized user if he has the use rights for the ws:::gen-ws-token resource or has administrator rights. In response to the request, a token of the form e444c69894d2087696e0a6c6914788f67ebcf6ee is returned. The default token lifetime is 100 years.

Example of a request using basicAuth authentication

curl -u demo@local:ion-demo https://dnt.iondv.com/rest/token

Example of a request with authentication through parameters in the header

curl -H "auth-user: demo@local" -H "auth-pwd: ion-demo" -H "auth-user-type: local" https://dnt.iondv.com/rest/token

Examples of requests to the token service in dnt: test/modules/rest/token.spec.js

/Checking token service/# basicAuth authorization with admin rights
/Checking token service/# authorization with admin rights using header parameters

You can add a resource for generating tokens for a role from the command line node bin/acl.js --role restGrp --p USE --res ws:::gen-ws-token (where restGrp is the name of an existing group)

The second way to add rights to a resource is to use the admin console of the ionadmin module, for example, by going to locahost:8888/ionadmin/:

  • Select the “Security” navigation item
  • Select the “Roles” navigation sub-item
  • Select an existing role and click edit or create a new role
  • In the role “Access rights” field, select the “Services” tab
  • Expand the list of rights for the resource “Generation of security tokens through web services (ws:::gen-ws-token)”
  • Select “Use” and click “Save”