Personal Access Token for web-based login users


Helge Walter

Jul 15, 2020, 1:47:05 AM
to go-cd
Hello,

In our environment we use a web-based login for the corporate single sign-on system. I want to provide GoCD API access to the users, but it is not possible for the users to create a personal access token:
Creation of access token is not supported by the plugin cd.go.authorization.oidc.

Creation of the access token is only possible for users created locally using the Password File Authentication Plugin.
Is it somehow possible to allow creation of personal access tokens for users with web-based logins?

Regards,
Helge

PS: I do not see any function in the Authorization Plugin API which allows specifying whether or not the plugin allows creation of personal access tokens. So I think this problem is related to the kind of authorization and not specific to the plugin implementation itself. Am I right?

kritik...@thoughtworks.com

Jul 15, 2020, 2:01:09 AM
to go-cd
Hello Helge,

Personal access tokens can be created using web-based logins. For this, the plugins would need to implement Authorization Extension v2, specifically the 'is-valid-user' call.
You would need to check with the plugin provider for the updated plugin.

Thanks
Kritika

Helge Walter

Jul 15, 2020, 2:57:17 AM
to go-cd
Hello Kritika,

thank you for your fast reply.
I missed that I have to implement the is-valid-user call to get the "API call feature" for the users. I avoided implementing this because it is a little bit complicated in our organization to get the introspection endpoint access. Now I have to do this nevertheless.

Regards,
Helge

Ketan Padegaonkar

Jul 15, 2020, 3:30:41 AM
to go...@googlegroups.com
This API call allows the gocd server to make sure that users still have appropriate authorization to access gocd — so you must implement it if you want to be using API tokens for web based auth plugins.

- Ketan


