  1. Artifactory Binary Repository
  2. RTFACT-20908

Admin doing refresh on a token with explicit 'refreshable=true' - will get a non-refreshable token

    Details

    • Type: Bug
    • Status: Open
    • Priority: 4 - Normal
    • Resolution: Unresolved
    • Affects Version/s: 6.16.1
    • Fix Version/s: None
    • Component/s: Access Client
    • Labels:
      None
    • Severity:
      Medium

      Description

      Steps to reproduce:

      1. Generate a token as admin - non admins will not experience this

       curl -u admin -XPOST "localhost:8080/artifactory/api/security/token" -d "username=johnq" -d "scope=member-of-groups:*" -d "refreshable=true" 

      2. Refresh the token with explicit refreshable=true (though it's not really needed as this is the default for refreshing tokens):

       curl -H "Content-type: application/x-www-form-urlencoded" -i -Lvv -XPOST "localhost:8080/artifactory/api/security/token" -d "grant_type=refresh_token" -d "refresh_token=$REFRESH" -d "access_token=$TOKEN" -d "refreshable=true" -uadmin:password

      See that you get a non-refreshable token now.

            People

            Assignee:
            Unassigned
            Reporter:
            andreik Andrei Komarov