##// END OF EJS Templates
release: version 5.4.0
release: version 5.4.0

File last commit:

r3290:ac4e4e5a default
r5665:cdbc80b0 merge v5.4.0 stable
Show More
auth-token.rst
80 lines | 2.8 KiB | text/x-rst | RstLexer
docs: update LDAP documentation according to user feedback.
r2656 .. _config-token-ref:
Authentication Tokens
---------------------
docs: added SAML documentation....
r3290 |RCE| has 4 different kinds of authentication tokens. `API token`, `Feed tokens` work
without a need to enable any additional authentication. `VCS tokens` require dedicated
authentication plugin to be activated. `Web Interface tokens` are controlled by the
white_list configuration.
docs: update LDAP documentation according to user feedback.
r2656
* *API tokens*: API tokens can only be used to execute |RCE| API operations.
You can store your API token and assign it to each instance in
the :file:`/home/{user}/.rhoderc` file. See the
example in :ref:`indexing-ref` section for more details.
* *Feed tokens*: The feed token can only be used to access the RSS feed.
docs: added SAML documentation....
r3290 Usually those are safe to store inside your RSS feed reader.
docs: update LDAP documentation according to user feedback.
r2656
* *Web Interface tokens*: These token allows users to access the web
interface of |RCE| without logging in.
You can add these tokens to an |RCE| server url, to expose the page content
based on the given token.
This is useful to integrate 3rd party systems, good example is to expose
raw diffs to another code-review system without having to worry about
authentication.
These tokens only work if a certain view is whitelisted
under `api_access_controllers_whitelist` inside
the :file:`rhodecode.ini` file.
.. code-block:: bash
# To download a repo without logging into Web UI
https://rhodecode.com/repo/archive/tip.zip?auth_token=<web-api-token>
# To show commit diff without logging into Web UI
docs: added SAML documentation....
r3290 https://rhodecode.com/repo/raw-diff/<sha>?auth_token=<web-api-token>
* *VCS tokens*: You can use these to authenticate with |git|, |hg| and |svn|
operations instead of a password. They are designed to be used with
CI Servers or other third party tools that require |repo| access.
They are also a good replacement for SSH based access.
To use these tokens you need be enabled special authentication method on
|RCE|, as they are disabled by default.
See :ref:`enable-vcs-tokens`.
docs: update LDAP documentation according to user feedback.
r2656
.. _enable-vcs-tokens:
Enabling VCS Tokens
^^^^^^^^^^^^^^^^^^^
To enable VCS Tokens, use the following steps:
1. Go to :menuselection:`Admin --> Authentication`.
docs: added SAML documentation....
r3290 2. Activate the ``rhodecode.lib.auth_modules.auth_token`` plugin.
docs: update LDAP documentation according to user feedback.
r2656 3. Click :guilabel:`Save`.
Authentication Token Tips
^^^^^^^^^^^^^^^^^^^^^^^^^
* Use Authentication Tokens instead of your password with external services.
* Create multiple Authentication Tokens on your account to enable
access to your |repos| with a different |authtoken| per method used.
* Set an expiry limit on certain tokens if you think it would be a good idea.
Creating Tokens
^^^^^^^^^^^^^^^
To create authentication tokens for an user, use the following steps:
docs: added SAML documentation....
r3290 1. From the |RCE| interface go to
docs: update LDAP documentation according to user feedback.
r2656 :menuselection:`Username --> My Account --> Auth tokens`.
2. Label and Add the tokens you wish to use with |RCE|.
.. image:: ../images/tokens.png