python-artifactory

Support new CreateToken API/allow setting custom scope

Open NiklasRosenstein opened this issue 2 years ago • 3 comments

Is your feature request related to a problem? Please describe.

The old Create Token API that is used by ArtifactorySecurity.create_access_token() is deprecated: https://jfrog.com/help/r/jfrog-rest-apis/delete-group?tocId=2_OrHvmQlC6dtFFR8F9i3w

Describe the solution you'd like

Add support for or use the new Create Token API instead: https://jfrog.com/help/r/jfrog-rest-apis/create-token

Additional context

We ran into an issue today where all the tokens generated with pyartifactory didn't actually have any permissions. It seems the "scope" value of the deprecated API endpoint expects the format of the new endpoint (e.g. "applied-permissions/user" is what we're using now after monkey-patching pyartifactory).

NiklasRosenstein avatar Oct 23 '23 13:10 NiklasRosenstein

Thanks for pointing it out, @NiklasRosenstein. I'll update that feature ASAP.

anancarv avatar Oct 25 '23 08:10 anancarv

Thanks @anancarv!

FYI, this is how I worked around it for now:

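```python
# Import paths assumed from pyartifactory's package layout; adjust to the installed version.
from pyartifactory.exception import InvalidTokenDataException
from pyartifactory.models.auth import AccessTokenModel
from pyartifactory.objects.security import ArtifactorySecurity


def create_access_token(
    self: ArtifactorySecurity,
    user_name: str,
    expires_in: int = 3600,
    refreshable: bool = False,
    groups: list[str] | None = None,  # kept in the signature, not used below
) -> AccessTokenModel:
    """
    A variation of #ArtifactorySecurity.create_access_token() that passes the correct "scope".
    """

    payload = {
        "username": user_name,
        "expires_in": expires_in,
        "refreshable": refreshable,
    }
    # Always send the scope in the new endpoint's format.
    payload.update({"scope": "applied-permissions/user"})
    response = self._post(f"api/{self._uri}/token", data=payload, raise_for_status=False)
    if response.ok:
        return AccessTokenModel(**response.json())
    raise InvalidTokenDataException(response.json().get("error_description", "Unknown error"))


# Monkey-patch the library method with the variant above.
ArtifactorySecurity.create_access_token = create_access_token  # type: ignore[method-assign]
```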

That being said, JFrog did acknowledge this as a bug in the old endpoint that was recently introduced.

NiklasRosenstein avatar Oct 25 '23 11:10 NiklasRosenstein
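
An added example, not code from this thread or from pyartifactory: a fail-closed check that a newly created token carries the scope that was requested, so a token issued without the expected scope is rejected before it is handed out. It assumes the access token is a JWT whose scope sits in an `scp` claim and that scopes are space-separated; `verify_token_scope`, `jwt_claims` and `constructed_response` are hypothetical names, and the sample token is constructed.

```python
import base64
import json

REQUIRED_SCOPE = "applied-permissions/user"  # scope string quoted in the issue


class TokenScopeError(Exception):
    """A freshly created token does not carry the scope that was requested."""


def jwt_claims(access_token: str) -> dict:
    """Decode the claims of a JWT-format token. No signature check: inspection only."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise TokenScopeError("access token is not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise TokenScopeError("JWT payload could not be decoded") from exc
    if not isinstance(claims, dict):
        raise TokenScopeError("JWT payload is not a JSON object")
    return claims


def verify_token_scope(token_response: dict, required: str = REQUIRED_SCOPE) -> set[str]:
    """Return the scopes granted in both places, or raise if `required` is missing."""
    # Assumption: scopes are a space-separated list, as in OAuth 2.0.
    in_response = set(str(token_response.get("scope") or "").split())
    # Assumption: the token carries its own scope in the "scp" claim.
    claims = jwt_claims(str(token_response.get("access_token") or ""))
    in_token = set(str(claims.get("scp") or "").split())
    for where, scopes in (("response", in_response), ("token", in_token)):
        if required not in scopes:
            raise TokenScopeError(f"{required!r} missing from {where} scope {sorted(scopes)}")
    return in_response & in_token


def constructed_response(scp: str, scope: str) -> dict:
    """Build a constructed (fake, unsigned) token response for offline testing."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header, body = enc({"alg": "none"}), enc({"sub": "example-user", "scp": scp})
    return {"access_token": f"{header}.{body}.constructed", "scope": scope,
            "token_type": "Bearer", "expires_in": 3600}


if __name__ == "__main__":
    print(verify_token_scope(constructed_response(REQUIRED_SCOPE, REQUIRED_SCOPE)))
```

The claims are decoded without verifying the signature, so this only confirms what the server just issued; it is not a way to authenticate a token received from elsewhere.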