Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-21082

new Access Tokens are not listed with API or in UI

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Resolution: Unresolved
    • Affects Version/s: 6.16.0
    • Fix Version/s: None
    • Component/s: Access Tokens, REST API
    • Labels:
      None
    • Severity:
      Medium

      Description

       

      When creating access tokens using the REST API:

      curl -u ${USER}:${TOKEN} -XPOST "https://server.url/artifactory/api/security/token" -d "username=myuser" -d "scope=member-of-groups:mygroup" -d "expires_in=3600"
      

      The resulting token can be used to authenticate and can be revoked with the endpoint `/api/security/token/revoke`.

      The problem is that the token cannot be listed using the GET at `/api/security/token` nor can it be found in the access token admin interface.

      This is problematic because a non expiring admin token can be created and forgotten by any artifactory admin.

       

        Attachments

          Activity

              People

              Assignee:
              Unassigned
              Reporter:
              samuel.begin Samuel Bégin
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:

                  Sync Status

                  Connection: RTFACT Sync
                  RTMID-21082 -
                  SYNCHRONIZED
                  • Last Sync Date: