kibana

mirror of https://github.com/elastic/kibana.git synced 2025-04-24 01:38:56 -04:00

History

Court Ewing 948932ae45 [security] Token auth provider (#26997 ) * [security] Token auth provider From a user perspective, the token provider behaves similarly to the basic provider in that it can power the native login experience and can also be used for API calls via the authorization header (albeit with the Bearer realm). From a technical perspective, the token provider deals with authentication via the token service in Elasticsearch, so while it handles user credentials in the case of login, a temporary, refreshable access token is stored in the session cookie instead. This means that when you log out, not only is the cookie invalidated, but the token itself cannot be reused. * token provider integration tests * include token api integration tests by default * remove unused ProviderOptions from typedef * assert that valid login sets an authorization header * unit tests for refresh token and failure cases * integration tests for headers and sessions * clean up login/logout tests for consistent setup functions * test for header rejection scenarios	2018-12-19 11:13:29 -05:00
..
auth	[security] Token auth provider (#26997 )	2018-12-19 11:13:29 -05:00
config.js	[security] Token auth provider (#26997 )	2018-12-19 11:13:29 -05:00

[security] Token auth provider (#26997 )

* [security] Token auth provider

From a user perspective, the token provider behaves similarly to the
basic provider in that it can power the native login experience and can
also be used for API calls via the authorization header (albeit with the
Bearer realm).

From a technical perspective, the token provider deals with
authentication via the token service in Elasticsearch, so while it
handles user credentials in the case of login, a temporary, refreshable
access token is stored in the session cookie instead. This means that
when you log out, not only is the cookie invalidated, but the token
itself cannot be reused.

* token provider integration tests

* include token api integration tests by default

* remove unused ProviderOptions from typedef

* assert that valid login sets an authorization header

* unit tests for refresh token and failure cases

* integration tests for headers and sessions

* clean up login/logout tests for consistent setup functions

* test for header rejection scenarios

2018-12-19 11:13:29 -05:00

auth

[security] Token auth provider (#26997 )

2018-12-19 11:13:29 -05:00

config.js

[security] Token auth provider (#26997 )

2018-12-19 11:13:29 -05:00