Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-21082

new Access Tokens are not listed with API or in UI

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: 4 - Normal
    • Resolution: Unresolved
    • Affects Version/s: 6.16.0
    • Fix Version/s: None
    • Component/s: Access Tokens, REST API
    • Labels:
      None
    • Severity:
      Medium

      Description

       

      When creating access tokens using the REST API:

      curl -u ${USER}:${TOKEN} -XPOST "https://server.url/artifactory/api/security/token" -d "username=myuser" -d "scope=member-of-groups:mygroup" -d "expires_in=3600"
      

      The resulting token can be used to authenticate and can be revoked with the endpoint `/api/security/token/revoke`.

      The problem is that the token cannot be listed using the GET at `/api/security/token` nor can it be found in the access token admin interface.

      This is problematic because a non expiring admin token can be created and forgotten by any artifactory admin.

       

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            samuel.begin Samuel Bégin
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:

                Sync Status

                Connection: RTFACT Sync
                RTMID-21082 -
                SYNCHRONIZED
                • Last Sync Date: