Page MenuHomeSoftware Heritage

Add Web UI to generate and revoke bearer tokens
Closed, ResolvedPublic


In order for authenticated and authorized users to easily generate and revoke their bearer tokens to lift Web API rate limit, a dedicated Web UI must be added.

The workflow will be the following. When clicking on a "Generate token" button, user will be asked to enter his password again and if it is valid, an offline
refresh token will be generated by sending a request to the Keycloak server. This token will then be encrypted, using a key derived from the user password
and a salt value, and stored to database.

The UI will also display a list of tokens generated so far by a user and two actions will be offered for each of them: "Show token" and "Revoke token".
Those actions will also be protected by the user password.