You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Sandor Molnar (Jira)" <ji...@apache.org> on 2021/06/25 06:59:00 UTC

[jira] [Created] (KNOX-2624) Introducing token management page

Sandor Molnar created KNOX-2624:
-----------------------------------

             Summary: Introducing token management page
                 Key: KNOX-2624
                 URL: https://issues.apache.org/jira/browse/KNOX-2624
             Project: Apache Knox
          Issue Type: Improvement
    Affects Versions: 1.6.0
            Reporter: Sandor Molnar
            Assignee: Sandor Molnar


It'd be greate to add management capabilities through a table that contains all of the tokens for the authenticated user.

The Token Management page will contain a table of all active and disabled tokens for the authenticated user like this:


|token-id|comment|created|expiration|status|actions|
| | | | | | |

Token actions may include:
 # Disable/Enable based on the current status
 # Revoke

Actual tokens must not be rendered in the table and are only available for copying from the generation page. Since only hashes of the tokens are stored this is a hard requirement and a security best practice. If end-users lose access to their token, they should revoke it and generate a new one.

Users may be limited to a maximum number of tokens each. This must be a configurable option and default to a reasonable default number that may be changed by an admin. This configuration must accommodate no limit as well but will not default to this.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)