Create, revoke, or clear tokens

Ansible Automation Platform supports the following commands for OAuth2 token management:

create_oauth2_token

Use the following command to create OAuth2 tokens (specify the username for example_user):

$ aap-gateway-manage create_oauth2_token --user example_user

  New OAuth2 token for example_user: j89ia8OO79te6IAZ97L7E8bMgXCON2

Specify a valid user when creating tokens. If you issue the command without specifying a user, or supply a username that does not exist, an error message is displayed.

revoke_oauth2_tokens

Use this command to revoke OAuth2 tokens, both application tokens and personal access tokens (PATs). By default, it revokes all application tokens (but not their associated refresh tokens) and all personal access tokens. You can also specify a user for whom to revoke all tokens.

To revoke all existing OAuth2 tokens use the following command:

$ aap-gateway-manage revoke_oauth2_tokens

To revoke all OAuth2 tokens and their refresh tokens use the following command:

$ aap-gateway-manage revoke_oauth2_tokens --revoke_refresh

To revoke all OAuth2 tokens for the user with id=example_user (specify the username for example_user):

$ aap-gateway-manage revoke_oauth2_tokens --user example_user

To revoke all OAuth2 tokens and their refresh tokens for the user with id=example_user:

$ aap-gateway-manage revoke_oauth2_tokens --user example_user --revoke_refresh
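The per-user form above is the one typically needed for offboarding or after a suspected credential leak. The following wrapper is an added example, not part of the product documentation: it refuses empty or malformed usernames so that an unset variable cannot turn the call into the all-users form, and it always passes --revoke_refresh. The function names, the DRY_RUN variable, and the username character set (Django's default letters, digits, and @ . + - _) are assumptions of this example.

```shell
#!/bin/sh
# Added example: per-user revocation of OAuth2 tokens and refresh tokens.
# DRY_RUN=1 (the default here) prints the commands instead of running them.
DRY_RUN="${DRY_RUN:-1}"

# Accept only non-empty names made of letters, digits and @ . + - _
# (assumed to match the usernames in use). A name starting with "-" is
# rejected so it cannot be parsed as an option.
valid_username() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._@+-]*) return 1 ;;
    esac
    return 0
}

# Revoke access and refresh tokens for every user given as an argument.
# Returns the number of users that were skipped or failed.
revoke_users() {
    local user failed
    failed=0
    for user in "$@"; do
        if ! valid_username "$user"; then
            # An empty --user value must never fall through: without a user,
            # revoke_oauth2_tokens revokes tokens for everyone.
            echo "skipped: invalid username '$user'" >&2
            failed=$((failed + 1))
            continue
        fi
        if [ "$DRY_RUN" = "1" ]; then
            echo "would run: aap-gateway-manage revoke_oauth2_tokens --user $user --revoke_refresh"
        else
            aap-gateway-manage revoke_oauth2_tokens --user "$user" --revoke_refresh \
                || failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# When called with arguments, treat them as the usernames to process.
if [ "$#" -gt 0 ]; then
    revoke_users "$@"
fi
```

Run it with the affected usernames as arguments, review the printed commands, then repeat with DRY_RUN=0 on the platform gateway host.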

cleartokens

Use the cleartokens command to delete all sessions that have expired.

For more information, see cleartokens in the Django OAuth Toolkit documentation.

In Ansible Automation Platform 2.7, all user tokens are managed centrally through platform gateway. Clearing tokens removes access across all platform components.

clearsessions

Use the clearsessions command to delete all sessions that have expired.

In Ansible Automation Platform 2.7, all user tokens are managed centrally through platform gateway. Clearing tokens removes access across all platform components.

For more information, see Clearing the session store in Django’s OAuth Toolkit documentation.

For more information about OAuth2 token management in the UI, see Applications.

Personal Access Token migration

After upgrading to Ansible Automation Platform 2.6, Personal Access Tokens (PATs) from a 2.4 automation controller remain functional. They are visible in the platform gateway UI and you can use them with both automation controller and platform gateway APIs.

Managing automation controller tokens

After the upgrade, you can perform the following actions with your automation controller tokens:

  • Platform gateway UI: You can edit or delete the tokens, but you cannot create or refresh them.
  • Automation controller API: You can create, edit, delete, or refresh the tokens.

Tokens are labeled in the UI to indicate if they are automation controller only or platform gateway. Platform gateway tokens are unaffected by these requirements, other than being rendered in the UI with a platform type.