Built-in “token” service¶
The token
service is intended for issuing a token to an authenticated user for its further use in token authentication services.
Available at <server address>/test/token
.
The service does not require registration in deploy.json. The service provides the issuance of a token for an authorized user if he has the use
rights for the ws:::gen-ws-token
resource or has administrator rights. In response to the request, a token of the form e444c69894d2087696e0a6c6914788f67ebcf6ee
is returned. The default token lifetime is 100 years.
Example of a request using basicAuth authentication
curl -u demo@local:ion-demo https://dnt.iondv.com/rest/token
Example of a request with authentication through parameters in the header
curl -H "auth-user: demo@local" -H "auth-pwd: ion-demo" -H "auth-user-type: local" https://dnt.iondv.com/rest/token
Examples of requests to the token service in dnt: test/modules/rest/token.spec.js
/Checking token service/# basicAuth authorization with admin rights
/Checking token service/# authorization with admin rights using header parameters
You can add a resource for generating tokens for a role from the command line node bin/acl.js --role restGrp --p USE --res ws:::gen-ws-token
(where restGrp is the name of an existing group)
The second way to add rights to a resource is to use the admin console of the ionadmin module, for example, by going to locahost:8888/ionadmin/
:
- Select the “Security” navigation item
- Select the “Roles” navigation sub-item
- Select an existing role and click edit or create a new role
- In the role “Access rights” field, select the “Services” tab
- Expand the list of rights for the resource “Generation of security tokens through web services (ws:::gen-ws-token)”
- Select “Use” and click “Save”