[Pulp-dev] JWT Use Case Revisions for Pulp3

Brian Bouterse bbouters at redhat.com
Mon May 29 17:57:31 UTC 2017


We had a use case call which produced these use cases [0]. Then @fdobrovo
investigated using the django-rest-framework-jwt [1] to fulfil those use
cases and there are some small, but to fulfil the use cases written he had
to write a good amount of code and maybe only used 50 or 100 lines of code
actually from django-rest-framework-jwt.

Through a lot of back and forth on the issue [2], we did a gap analysis and
considered different ways the use cases could be aligned with the
functionality provided by the django-rest-framework. We came up with the
following revised use cases related to JWT that are effectively the same
and would allow the plugin code to be used mostly as-is:

* As an administrator, I can disable JWT token expiration.  This
configuration is in the settings file and is system-wide.
* As an administrator, I can configure the JWT tokens to expire after a
configurable amount of time. This configuration is in the settings file and
is system-wide.
* The JWT shall have a username identifier
* As an API user, I can authenticate any API call (except to request a JWT)
with a JWT.
* As an API user, I can invalidate all JWT tokens for a given user
* As an authenticated user, when deleting a user 'foo', all of user 'foo's
JWTs are invalidated.
* As an un-authenticated user, I can obtain a JWT token, by passing a
username and password via POST

Comments and questions are welcome here. I also hope to append this topic
onto one of the upcoming Tuesday use case calls. The next call, May 30th, is
on the Status API and Alternate Content Sources, so hopefully there will be
enough time to revisit the JWT use cases then too, or on a following call.

[0]: https://pulp.plan.io/projects/pulp/wiki/Pulp_3_Minimum_Viable_Product#Authentication
[1]: http://getblimp.github.io/django-rest-framework-jwt/
[2]: https://pulp.plan.io/issues/2359

-Brian
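
The revised use cases above, exercised together in one place as an added example; it is not code from this post, from django-rest-framework-jwt, or from Pulp. It uses only the Python standard library, and the `SETTINGS` key, the `USERS` store, the function names and the choice of a per-user signing secret as the invalidation mechanism are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SETTINGS = {"jwt_ttl": 3600}  # assumed name; seconds, None disables expiration
USERS = {}  # constructed in-memory store; a real service keeps password hashes

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(username, signing_input):
    # Per-user signing secret: rotating it invalidates all of that user's tokens.
    return hmac.digest(USERS[username]["jwt_secret"], signing_input.encode(), "sha256")

def add_user(username, password):
    USERS[username] = {"password": password, "jwt_secret": secrets.token_bytes(32)}

def obtain_token(username, password, now=None):
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user["password"].encode(), password.encode()):
        raise PermissionError("invalid credentials")
    claims = {"username": username}
    if SETTINGS["jwt_ttl"] is not None:
        claims["exp"] = int(time.time() if now is None else now) + SETTINGS["jwt_ttl"]
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = header + "." + _b64(json.dumps(claims).encode())
    return signing_input + "." + _b64(_sign(username, signing_input))

def authenticate(token, now=None):
    """Return the token's username, or None if the token is not valid."""
    now = time.time() if now is None else now
    try:
        header, payload, signature = token.split(".")
        claims = json.loads(_unb64(payload))
        # The claimed username only selects the key; a deleted user has none.
        expected = _sign(claims["username"], header + "." + payload)
        if not hmac.compare_digest(_unb64(signature), expected):
            return None
    except (ValueError, KeyError, TypeError):
        return None
    if SETTINGS["jwt_ttl"] is not None and now >= claims.get("exp", 0):
        return None  # expired, or issued without "exp" while expiration was off
    return claims["username"]

def invalidate_tokens(username):
    USERS[username]["jwt_secret"] = secrets.token_bytes(32)

def delete_user(username):
    del USERS[username]
```

The signature is always checked as HMAC-SHA256 with the server-side secret, so the token's `alg` header is never consulted when choosing how to verify.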