github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-04-25 07:37:19 -04:00
Code Issues Projects Releases Packages Wiki Activity

HLRC: Add security Create Token API (#34791)

Browse source 
This adds the Create Token API (POST /_xpack/security/oauth2/token)
to the High Level Rest Client.

Relates: #29827
This commit is contained in:
Tim Vernum 2018-10-29 17:17:56 +11:00 committed by GitHub
parent bb5b59004e
commit 9c27b407f0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 662 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

85
docs/java-rest/high-level/security/create-token.asciidoc Normal file
View file

@ -0,0 +1,85 @@
[[java-rest-high-security-create-token]]
=== Create Token API
[[java-rest-high-security-create-token-request]]
==== Request
The `CreateTokenRequest` supports three different OAuth2 _grant types_:
===== Password Grants
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests}/SecurityDocumentationIT.java[create-token-password-request]
--------------------------------------------------
===== Refresh Token Grants
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests}/SecurityDocumentationIT.java[create-token-refresh-request]
--------------------------------------------------
===== Client Credential Grants
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests}/SecurityDocumentationIT.java[create-token-client-credentials-request]
--------------------------------------------------
[[java-rest-high-security-create-token-execution]]
==== Execution
Creating a OAuth2 security token can be performed by passing the appropriate request to the
`security().createToken()` method:
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests}/SecurityDocumentationIT.java[create-token-execute]
--------------------------------------------------
[[java-rest-high-security-create-token-response]]
==== Response
The returned `CreateTokenResponse` contains the following properties:
`accessToken`:: This is the newly created access token.
It can be used to authenticate to the Elasticsearch cluster.
`type`:: The type of the token, this is always `"Bearer"`.
`expiresIn`:: The length of time until the token will expire.
The token will be considered invalid after that time.
`scope`:: The scope of the token. May be `null`.
`refreshToken`:: A secondary "refresh" token that may be used to extend
the life of an access token. May be `null`.
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests}/SecurityDocumentationIT.java[create-token-response]
--------------------------------------------------
<1> The `accessToken` can be used to authentication to Elasticsearch.
<2> The `refreshToken` can be used in to create a new `CreateTokenRequest` with a `refresh_token` grant.
[[java-rest-high-security-create-token-async]]
==== Asynchronous Execution
This request can be executed asynchronously using the `security().createTokenAsync()`
method:
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests}/SecurityDocumentationIT.java[create-token-execute-async]
--------------------------------------------------
<1> The `CreateTokenRequest` to execute and the `ActionListener` to use when
the execution completes
The asynchronous method does not block and returns immediately. Once the request
has completed the `ActionListener` is called back using the `onResponse` method
if the execution successfully completed or using the `onFailure` method if
it failed.
A typical listener for a `CreateTokenResponse` looks like:
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests}/SecurityDocumentationIT.java[create-token-execute-listener]
--------------------------------------------------
<1> Called when the execution is successfully completed. The response is
provided as an argument
<2> Called in case of failure. The raised exception is provided as an argument

2
docs/java-rest/high-level/supported-apis.asciidoc
View file

@ -329,6 +329,7 @@ The Java High Level REST Client supports the following Security APIs:
* <<java-rest-high-security-put-role-mapping>>
* <<java-rest-high-security-get-role-mappings>>
* <<java-rest-high-security-delete-role-mapping>>
* <<java-rest-high-security-create-token>>
include::security/put-user.asciidoc[]
include::security/enable-user.asciidoc[]
@ -340,6 +341,7 @@ include::security/get-certificates.asciidoc[]
include::security/put-role-mapping.asciidoc[]
include::security/get-role-mappings.asciidoc[]
include::security/delete-role-mapping.asciidoc[]
include::security/create-token.asciidoc[]
== Watcher APIs