What is client token in the response for the userpass login endpoint?


Akshat Jiwan Sharma

Jul 25, 2017, 10:54:17 AM
to Vault
Vault exposes an HTTP API from which we can make a request to log in with the user's credentials.
On a successful login, a response like this is returned from the Vault server:

{
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": null,
  "auth": {
    "client_token": "c4f280f6-fdb2-18eb-89d3-589e2e834cdb",
    "policies": [
      "admins"
    ],
    "metadata": {
      "username": "mitchellh"
    },
    "lease_duration": 0,
    "renewable": false
  }
}

I wanted to understand what client_token stands for in this response. Is it something like a cookie?
Is it automatically generated, or is it a parameter that is set beforehand by some other API?

Thanks,
Akshat

Calvin Leung Huang

Jul 25, 2017, 11:21:05 AM
to Vault
The client_token is the underlying token that is used to perform authentication. Even though the userpass backend asks for a username and password to authenticate, the underlying mechanism in Vault generates a client_token for that user, which is then used to authenticate. When using the CLI to authenticate, that step is performed automatically, so providing the username and password will authenticate the user without any extra steps. If authentication is performed via the API, as you've done, you will need to provide that client_token for further Vault operations, either via `vault auth <client_token>` for CLI operations, or by exporting it as the `VAULT_TOKEN` environment variable for API operations.

For more information on token authentication, see https://www.vaultproject.io/docs/internals/token.html.

- Calvin
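
The flow described in this answer, as an added example that is not part of the original thread or of Vault's own code: log in to userpass, read `auth.client_token` from the response, then present it on later HTTP API calls in the `X-Vault-Token` header. The function names, the local address and the password are assumptions, the userpass backend is assumed to be mounted at its default path, and the requests are only built, not sent, so the block runs offline.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample: the login response quoted in the question, condensed.
SAMPLE_LOGIN_RESPONSE = """{
  "lease_id": "", "renewable": false, "lease_duration": 0, "data": null,
  "auth": {
    "client_token": "c4f280f6-fdb2-18eb-89d3-589e2e834cdb",
    "policies": ["admins"],
    "metadata": {"username": "mitchellh"},
    "lease_duration": 0, "renewable": false
  }
}"""

def build_login_request(vault_addr, username, password):
    """Step 1: POST the password to the userpass login endpoint (default mount assumed)."""
    user = urllib.parse.quote(username, safe="")
    url = f"{vault_addr.rstrip('/')}/v1/auth/userpass/login/{user}"
    body = json.dumps({"password": password}).encode()
    return urllib.request.Request(url, data=body, method="POST",
                                  headers={"Content-Type": "application/json"})

def extract_client_token(response_text):
    """Step 2: pull auth.client_token (generated by Vault) out of the login response."""
    auth = json.loads(response_text).get("auth")
    if not auth or not auth.get("client_token"):
        raise ValueError("login response has no auth.client_token")
    return auth["client_token"], auth.get("policies", [])

def build_authed_request(vault_addr, api_path, client_token):
    """Step 3: every later API call presents the token in the X-Vault-Token header."""
    url = f"{vault_addr.rstrip('/')}/v1/{api_path.lstrip('/')}"
    return urllib.request.Request(url, headers={"X-Vault-Token": client_token})

def redact(token):
    """The token is a bearer credential: log only a short prefix, never the full value."""
    return token[:4] + "..."

if __name__ == "__main__":
    addr = "http://127.0.0.1:8200"  # assumed local dev address
    login = build_login_request(addr, "mitchellh", "example-password")
    token, policies = extract_client_token(SAMPLE_LOGIN_RESPONSE)
    lookup = build_authed_request(addr, "auth/token/lookup-self", token)
    print(login.get_method(), login.full_url)
    print("token", redact(token), "policies", policies)
    print(lookup.get_method(), lookup.full_url)
    # urllib.request.urlopen(login) / urlopen(lookup) would send these to a live server.
```

Anyone holding the token can act with the policies attached to it, so it belongs in a header over TLS and out of URLs, logs and shell history.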

Akshat Jiwan Sharma

Jul 25, 2017, 8:53:07 PM
to vault...@googlegroups.com
Thanks for the detailed explanation, Calvin!
