diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/docsite/rst/rest_api/authentication.rst | 12 | ||||
| -rw-r--r-- | docs/docsite/rst/rest_api/awx-manage.rst | 65 |
2 files changed, 7 insertions, 70 deletions
diff --git a/docs/docsite/rst/rest_api/authentication.rst b/docs/docsite/rst/rest_api/authentication.rst index f8d8cb31ad..d438b75c70 100644 --- a/docs/docsite/rst/rest_api/authentication.rst +++ b/docs/docsite/rst/rest_api/authentication.rst @@ -11,7 +11,7 @@ This chapter describes basic and session authentication methods, the best use ca .. contents:: :local: -AWX is designed for organizations to centralize and control their automation with a visual dashboard for out-of-the box control while providing a REST API to integrate with your other tooling on a deeper level. AWX supports a number of authentication methods to make it easy to embed AWX into existing tools and processes to help ensure the right people can access AWX resources. +AWX is designed for organizations to centralize and control their automation with a visual dashboard for out-of-the box control while providing a REST API to integrate with your other tooling on a deeper level. AWX supports a number of authentication methods to make it easy to embed AWX into existing tools and processes to help ensure the right people can access AWX resources. .. _api_session_auth: @@ -44,7 +44,7 @@ Using the curl tool, you can see the activity that occurs when you log into AWX. --cookie 'csrftoken=K580zVVm0rWX8pmNylz5ygTPamgUJxifrdJY0UDtMMoOis5Q1UOxRmV9918BUBIN' \ https://<awx-host>/api/login/ -k -D - -o /dev/null -All of this is done by the AWX when you log in to the UI or API in the browser, and should only be used when authenticating in the browser. +All of this is done by the AWX when you log in to the UI or API in the browser, and should only be used when authenticating in the browser. A typical response might look like: @@ -92,11 +92,11 @@ Setting a session limit allows administrators to limit the number of simultaneou A session is created for each browser that a user uses to log in, which forces the user to log out any extra sessions after they exceed the administrator-defined maximum. -Session limits may be important, depending on your particular setup. For example, perhaps you only want a single user on your system with a single login per device (where the user could log in on his work laptop, phone, or home computer). In such a case, you would want to create a session limit equal to 1 (one). If the user logs in on his laptop, for example, then logs in using his phone, his laptop session expires (times out) and only the login on the phone persists. Proactive session limits will kick the user out when the session is idle. The default value is **-1**, which disables the maximum sessions allowed altogether, meaning you can have as many sessions without an imposed limit. +Session limits may be important, depending on your particular setup. For example, perhaps you only want a single user on your system with a single login per device (where the user could log in on his work laptop, phone, or home computer). In such a case, you would want to create a session limit equal to 1 (one). If the user logs in on his laptop, for example, then logs in using his phone, his laptop session expires (times out) and only the login on the phone persists. Proactive session limits will kick the user out when the session is idle. The default value is **-1**, which disables the maximum sessions allowed altogether, meaning you can have as many sessions without an imposed limit. -While session counts can be very limited, they can also be expanded to cover as many session logins as are needed by your organization. +While session counts can be very limited, they can also be expanded to cover as many session logins as are needed by your organization. -When a user logs in and their login results in other users being logged out, the session limit has been reached and those users who are logged out are notified as to why the logout occurred. +When a user logs in and their login results in other users being logged out, the session limit has been reached and those users who are logged out are notified as to why the logout occurred. .. note:: To make the best use of session limits, disable ``AUTH_BASIC_ENABLED`` by changing the value to ``False``, as it falls outside of the scope of session limit enforcement. @@ -105,7 +105,7 @@ When a user logs in and their login results in other users being logged out, the Basic Authentication ==================== -Basic Authentication (Basic Auth) is stateless, thus the base64-encoded ``username`` and ``password`` must be sent along with each request via the Authorization header. This can be used for API calls from curl requests, python scripts, or individual requests to the API. +Basic Authentication (Basic Auth) is stateless, thus the base64-encoded ``username`` and ``password`` must be sent along with each request via the Authorization header. This can be used for API calls from curl requests, python scripts, or individual requests to the API. Example with curl: .. code-block:: text diff --git a/docs/docsite/rst/rest_api/awx-manage.rst b/docs/docsite/rst/rest_api/awx-manage.rst index 9d42b5419f..bb52052d3b 100644 --- a/docs/docsite/rst/rest_api/awx-manage.rst +++ b/docs/docsite/rst/rest_api/awx-manage.rst @@ -70,75 +70,12 @@ Cluster management .. _ag_token_utility: -Token and session management +Session management ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. index:: - single: awx-manage; token management single: awx-manage; session management -AWX supports the following commands for OAuth2 token management: - -.. contents:: - :local: - - -``create_oauth2_token`` -^^^^^^^^^^^^^^^^^^^^^^^^ - -Use this command to create OAuth2 tokens (specify actual username for ``example_user`` below): - -:: - - $ awx-manage create_oauth2_token --user example_user - - New OAuth2 token for example_user: j89ia8OO79te6IAZ97L7E8bMgXCON2 - -Make sure you provide a valid user when creating tokens. Otherwise, you will get an error message that you tried to issue the command without specifying a user, or supplying a username that does not exist. - - -.. _ag_manage_utility_revoke_tokens: - - -``revoke_oauth2_tokens`` -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Use this command to revoke OAuth2 tokens (both application tokens and personal access tokens (PAT)). By default, it revokes all application tokens (but not their associated refresh tokens), and revokes all personal access tokens. However, you can also specify a user for whom to revoke all tokens. - -To revoke all existing OAuth2 tokens: - -:: - - $ awx-manage revoke_oauth2_tokens - -To revoke all OAuth2 tokens & their refresh tokens: - -:: - - $ awx-manage revoke_oauth2_tokens --revoke_refresh - -To revoke all OAuth2 tokens for the user with ``id=example_user`` (specify actual username for ``example_user`` below): - -:: - - $ awx-manage revoke_oauth2_tokens --user example_user - -To revoke all OAuth2 tokens and refresh token for the user with ``id=example_user``: - -:: - - $ awx-manage revoke_oauth2_tokens --user example_user --revoke_refresh - - - -``cleartokens`` -^^^^^^^^^^^^^^^^^^^ - -Use this command to clear tokens which have already been revoked. Refer to `Django's Oauth Toolkit documentation on cleartokens`_ for more detail. - - .. _`Django's Oauth Toolkit documentation on cleartokens`: https://django-oauth-toolkit.readthedocs.io/en/latest/management_commands.html - - ``expire_sessions`` ^^^^^^^^^^^^^^^^^^^^^^^^ |