- Type: Bug
- Status: Open
- Resolution: Unresolved
- Affects Version/s: 6.16.0
- Fix Version/s: None
- Component/s: Access Tokens, REST API
- Labels: None
- Severity: Medium

When creating access tokens using the REST API:
```
curl -u ${USER}:${TOKEN} -XPOST "https://server.url/artifactory/api/security/token" -d "username=myuser" -d "scope=member-of-groups:mygroup" -d "expires_in=3600"
```
The resulting token can be used to authenticate and can be revoked with the endpoint `/api/security/token/revoke`.
The problem is that the token cannot be listed with a GET on `/api/security/token`, nor can it be found in the access token admin interface.
This is problematic because a non-expiring admin token can be created and forgotten by any Artifactory admin.
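
A check for the gap described above, as an added example that is not part of the original report or of Artifactory: given tokens you know were issued and the JSON returned by the GET on `/api/security/token`, it reports the ones missing from the listing. It assumes the access token is a JWT whose `jti` claim equals the listing's `token_id` and that a non-expiring token carries no `exp` claim; the sample tokens and listing are constructed.

```python
import base64
import json

def jwt_claims(token):
    """Decode a JWT payload without verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def unlisted_tokens(issued, list_response):
    """Return (jti, sub, exp) for issued tokens missing from the listing.

    Assumption: each entry's "token_id" in the GET response equals the
    "jti" claim of the token. exp is None when the token has no expiry claim.
    """
    listed = {t.get("token_id") for t in list_response.get("tokens", [])}
    missing = []
    for token in issued:
        c = jwt_claims(token)
        if c.get("jti") not in listed:
            missing.append((c.get("jti"), c.get("sub"), c.get("exp")))
    # Tokens without an expiry sort first: nothing will ever clean them up.
    return sorted(missing, key=lambda m: (m[2] is not None, m[2] or 0))

def _constructed_jwt(claims):
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed sample data, not real Artifactory output.
SAMPLE_ISSUED = [
    _constructed_jwt({"jti": "id-listed", "sub": "users/ci", "exp": 1700003600}),
    _constructed_jwt({"jti": "id-hidden", "sub": "users/myuser", "exp": 1700003600}),
    _constructed_jwt({"jti": "id-forever", "sub": "users/admin"}),
]
SAMPLE_LISTING = {"tokens": [{"token_id": "id-listed", "subject": "users/ci"}]}

if __name__ == "__main__":
    for jti, sub, exp in unlisted_tokens(SAMPLE_ISSUED, SAMPLE_LISTING):
        print(f"not listed: {jti} subject={sub} exp={exp}")
```

Keeping a record of each token at creation time is what makes this comparison possible, since the listing alone cannot reveal a token it omits.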