이 콘텐츠는 선택한 언어로 제공되지 않습니다.

Chapter 6. Authorizations

This chapter provides information on API resources to add, view, and manage authorization tokens. An authorization token is a secret value that is used to automatically log in to an OpenShift Enterprise account without entering login information each time. A token is also used to grant another user full or partial access to an account, determined by the scope of the token.

Authorization tokens are easily managed and offer better security because there is no need to repeatedly supply login credentials. For example, if a password is ever compromised, the password must be reset. If a secret authorization token is compromised, that token can be revoked and another one created.

The following table describes each parameter associated with an OpenShift authorization token.

Expand

Name	Description
`id`	Unique OpenShift login that created this authorization token.
`scope`	Scope of the authorization token to determine type of access. Scopes that are supported by a server are described in the `ADD_AUTHORIZATION` resource link and may be different for each server.
`note`	A reminder description of what the authorization is for.
`expires_in`	Total time in seconds before this authorization expires. Out of range values will be set to the maximum allowed time.
`expires_in_seconds`	Remaining time in seconds before this authorization expires.
`reuse`	Attempt to locate and reuse an authorization that matches the scope and note and has not yet expired.
`token`	Authorization string that contains user credentials.

The following table describes the available scope options that determine the type of access a user is granted with an authorization.

Expand

Name	Description
`session`	Grants a client the authority to perform all API actions against an account. Valid for one day.
`read`	Access to the API is read-only, while authorization endpoints cannot be read.
`userinfo`	Only read access to the `/user` API resource is provided.

6.1. Add an Authorization
링크 복사

Description

Add an authorization to the specified user account.

Method and URL Structure

Expand

Method	URL Structure
`POST`	`/broker/rest/user/authorizations`

Request Parameters

Expand

Name	Description	Required	Default
`scope`	Scope of the authorization	No	userinfo
`note`	Reminder description of authorization	No
`expires_in`	Number of seconds before authorization expires	No	-1 ^[a]
`reuse`	Attempt to locate and reuse an authorization matching scope and note and has not expired	No	`false`
^[a] For invalid values, the default is determined by the server.

See Section A.2, “Authorizations” for more information about the valid options applicable to these request parameters.

Request

{
  "scope": "userinfo",
  "note": "This is my UPDATED note to myself",
  "expires_in": -1,
  "reuse": false
}

{
  "scope": "userinfo",
  "note": "This is my UPDATED note to myself",
  "expires_in": -1,
  "reuse": false
}

Copy to Clipboard

Toggle word wrap

cURL Command Example

curl -X POST https://openshift.redhat.com/broker/rest/user/authorizations --user user@example.com:password --data-urlencode scope=userinfo --data-urlencode note=This is my UPDATED note to myself --data-urlencode expires_in=-1 --data-urlencode reuse=false

$ curl -X POST https://openshift.redhat.com/broker/rest/user/authorizations --user user@example.com:password --data-urlencode scope=userinfo --data-urlencode note=This is my UPDATED note to myself --data-urlencode expires_in=-1 --data-urlencode reuse=false

Copy to Clipboard

Toggle word wrap

JSON Response

The related resource links returned by the API have been left out for brevity. See Chapter 6, Authorizations for more information on all authorization parameters.

{
  "api_version": 1.6,
  "data": {
    "created_at": "2013-08-21T02:02:10Z",
    "expires_in": 2592000,
    "expires_in_seconds": 2592000,
    "id": "52141fa2e499b2229e00009b",
    "identity": "user@example.com",
    "note": "This is my UPDATED note to myself",
    "scopes": "userinfo",
    "token": "6c85ff7f619a964e260ee6def3fc5829128dbba3f8bc11a5d89178e0d6e7a163"
  },
  "messages": [
    {
      "exit_code": 0,
      "field": null,
      "severity": "info",
      "text": "Create authorization"
    }
  ],
  "status": "created",
  "supported_api_versions": [
    1.0,
    1.1,
    1.2,
    1.3,  
    1.4,
    1.5,
    1.6
  ],
  "type": "authorization",
  "version": "1.6"
}

{
  "api_version": 1.6,
  "data": {
    "created_at": "2013-08-21T02:02:10Z",
    "expires_in": 2592000,
    "expires_in_seconds": 2592000,
    "id": "52141fa2e499b2229e00009b",
    "identity": "user@example.com",
    "note": "This is my UPDATED note to myself",
    "scopes": "userinfo",
    "token": "6c85ff7f619a964e260ee6def3fc5829128dbba3f8bc11a5d89178e0d6e7a163"
  },
  "messages": [
    {
      "exit_code": 0,
      "field": null,
      "severity": "info",
      "text": "Create authorization"
    }
  ],
  "status": "created",
  "supported_api_versions": [
    1.0,
    1.1,
    1.2,
    1.3,  
    1.4,
    1.5,
    1.6
  ],
  "type": "authorization",
  "version": "1.6"
}

Copy to Clipboard

Toggle word wrap

맨 위로 이동

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

Chapter 6. Authorizations

6.1. Add an Authorization
링크 복사

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat 소개

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

Chapter 6. Authorizations

6.1. Add an Authorization링크 복사링크가 클립보드에 복사되었습니다!

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat 소개

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

6.1. Add an Authorization
링크 복사