daveg

Reputation: 1201

Artifactory access token works via Bearer, not user

Artifactory OSS
5.4.6 rev 50406900

Trying to get an access token to work.
I created a token...

e.g. curl -uadmin:adminpw -X POST "myserver:8081/artifactory/api/security/token" -d "username=moehoward"

Returned msg looks like success...

{
  "scope" : "member-of-groups:readers api:*",
  "access_token" : <very-long-string>,
  "expires_in" : 3600,
  "token_type" : "Bearer"
}

I can see it in the GUI (admin -> Security -> Access Tokens) with "Subject" equal to the user ("moehoward" in the example above) and with a "Token ID" that's a lot shorter, something like...

f2eb693a-d4ff-4618-ba52-764dc975c497

To test, I tried to ping using example in the docs...

curl -umoehoward:<very-long-string> myserver:8081/artifactory/api/system/ping 

Fails with a 401 (bad credentials).

I replace the token with the "token id" I see in the gui, same result.

I replace again with the hardcoded pw of the "moehoward" user and that works (responds with "OK").

I tried the -H "Authentication: Bearer " approach using the long string and that worked. So I guess the very long string is the token and not the "Token ID" in the GUI.

Q: Any idea why this works for "Bearer" and not the user by name?

Upvotes: 2

Views: 10691

Answers (1)

Arnaud Jeansen

Reputation: 1726

So you are right that this is supposed to work for both standard authentication and the Authentication HTTP header.

I did the test on a server with the same version, Artifactory OSS 5.4.6, and the following works fine here:

Inject the proper variables

export SERVER=server-artifactory
export APIKEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Create and use an access token for user moehoward

curl -u "admin:$APIKEY" -X POST "http://$SERVER/artifactory/api/security/token" -d "username=moehoward" -d "scope=member-of-groups:readers" > token.log
export TOKEN=`cat token.log | jq -r '.access_token'`
curl -u "moehoward:$TOKEN" "http://$SERVER/artifactory/api/system/ping"
curl -H "Authorization: Bearer $TOKEN" "http://$SERVER/artifactory/api/system/ping"

I get "OK" from the last two commands. Can you run exactly these commands and report back?

I have personally experienced the same problem (Bearer header working, standard user credentials not working) with an old version of curl. The obvious workaround is to use Bearer; the more complex workaround is to upgrade curl (or use another tool).

What is the version of curl you use? Any curl from 2015 or more recent should work fine.

Upvotes: 4
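
A way to tell a server-side rejection apart from the client-side `-u` problem the answer describes, as an added example that is not part of either post: it sends the same token as `curl -u`, as a hand-built Basic header, and as Bearer, and compares the status codes. `SERVER` follows the answer's variable; the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic example; not code from the question or the answer.

# Build the Basic header value by hand: base64("user:token").
# tr removes the line wrapping that base64 applies to long input,
# which matters for a token as long as the one in the question.
basic_header() {
    printf 'Basic %s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

bearer_header() {
    printf 'Bearer %s' "$1"
}

# Print only the HTTP status of a ping sent with the given Authorization value.
# The header is fed to curl as a config on stdin (-K -), so the token does not
# show up in the process list.
ping_with_header() {
    printf 'header = "Authorization: %s"\n' "$1" |
        curl -s -o /dev/null -w '%{http_code}' -K - \
            "http://$SERVER/artifactory/api/system/ping"
}

# Present the same token three ways and compare the results.
compare_auth() {
    user=$1 token=$2
    u=$(curl -s -o /dev/null -w '%{http_code}' -u "$user:$token" \
        "http://$SERVER/artifactory/api/system/ping")
    b=$(ping_with_header "$(basic_header "$user" "$token")")
    t=$(ping_with_header "$(bearer_header "$token")")
    echo "curl -u: $u   hand-built Basic: $b   Bearer: $t"
    if [ "$u" != 200 ] && [ "$b" = 200 ]; then
        echo "server accepts Basic with this token; curl's -u handling is at fault"
    fi
    curl --version | head -n 1
}
```

Run it as `compare_auth moehoward "$TOKEN"` after exporting `SERVER` and `TOKEN` as in the answer. If all three return 401, the problem is on the server or in the token itself rather than in curl.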
