Authorization Token for accessing the Foreman API

Ji1990 · March 5, 2019, 12:23pm

Problem:
I have worked with many IT systems and some of them (for ex: Rundeck) have a very cool feature of generating an API Authorization Token for a specific user. Afterwards, this user, can send REST API requests, for example with curl by using this Authorization Token. The token has an expiration time and needs to be renewed periodically.

At the moment, I am aware of 2 ways of accessing the API:

username/password
–header ‘Authorization: Basic <base64_encoded_username_and_password>’

Both of these, in my opinion, are insecure to be put in scripts.

I don’t think this Authorization Token feature is patented in any way because I think it’s a standard concept used in various IT systems.

Is there some initiative to integrate something like this in Foreman ?

Foreman and Proxy versions: 1.15

ekohl · March 5, 2019, 3:44pm

If you upgrade, you have Personal Access Tokens. Perhaps these suit your use case? It does look like the documentation is very limited.

TimoGoebel · March 5, 2019, 4:50pm

Yeah, unfortunately Personal Access Tokens also don’t have a UI, yet. But you can create them via hammer or the API.
You can use the PAT like a password.

Ji1990 · March 6, 2019, 9:01am

Oh, I didn’t know this existed.

Okay, I’ll check what is possible with those tokens.

andyfry · February 1, 2021, 11:17pm

Old topic, but is there any progress on creating PAT from the UI?