Built-in service Token

Token service is for issuing a token to an authenticated user for its further use in services that authenticate using a token.

Available at <server address>/test/token.

The service doesn’t require registration in deploy.json. The service provides the issuance of a token for an authorized user, if a user has the use rights for the resource ``ws:::gen-ws-token``or has administrator rights.

A token of the form e444c69894d2087696e0a6c6914788f67ebcf6ee is returned in response to the request. The default token lifetime is 100 years.

An example of the request through the Basic Auth type authentication

curl -u demo@local:ion-demo https://dnt.iondv.com/rest/token

** An example of a request with authentication through parameters in the header **

curl -H "auth-user: demo@local" -H "auth-pwd: ion-demo" -H "auth-user-type: local" https://dnt.iondv.com/rest/token

Examples of requestd to the token service in dnt: test/modules/rest/token.spec.js

/Checking token service/# basicAuth authorization with admin rights
/Checking token service/# authorization with admin rights using header parameters

Resource rights

Add the resource for generating tokens for the role using the command line node bin/acl.js --role restGrp --p USE --res ws:::gen-ws-token (where restGrp is a name of existing group)

Another way to add rights to a resource is to use the administrator console of the ionadmin module, for example, at locahost:8888/ionadmin/:

  • Select the “Security” navigation item
  • Select the “Roles” navigation sub-item
  • Select the existing role and click on “Edit” or “Create new role”.
  • In the role field “Access rights”, select the “Services” tab
  • Expand the list of rights for the resource “Generation of security tokens through web services (ws:::gen-ws-token)”
  • Select “Use” and click “Save”