Return API key name as part of _authenticate response #70306

Closed
bytebilly opened this issue Mar 11, 2021 · 1 comment · Fixed by #78946
Labels
>enhancement :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) Team:Security Meta label for security team

Comments

@bytebilly
Contributor

Problem statement

When the _authenticate API is called using an API key, the response includes information about the user but no details about the API key itself.

The API key name could be useful to get, as it can be used to identify the key without using a separate call.

Proposed solution

Return the API key name field as part of the _authenticate response payload.

@bytebilly bytebilly added >enhancement :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) Team:Security Meta label for security team labels Mar 11, 2021
@elasticmachine
Collaborator

Pinging @elastic/es-security (Team:Security)

@justincr-elastic justincr-elastic self-assigned this Sep 28, 2021
justincr-elastic added a commit to justincr-elastic/elasticsearch that referenced this issue Oct 11, 2021
Responses to POST /_security/api_key include id, name, metadata,
api_key (shared secret), and encoded (base64 of id:api_key).

Requests to GET /_security/_authenticate return data about the user,
but not the API KEY.

When authenticating using an API KEY, return API KEY info map in the
response. The initial feature request asked for 'name'. However, the
request's Authentication header contains 'encoded', so the decoded
'id' will be returned for convenience too.

When authenticating using any other method, API KEY info map is
omitted.

Closes elastic#70306
justincr-elastic added a commit that referenced this issue Oct 29, 2021
* Return API KEY name in _authentication response

Requests to GET /_security/_authenticate returned data about
a user, but not an API KEY. Return API KEY info map containing
name and id.

API KEY info map is omitted for other authentication types.

Closes #70306
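
Added example (not part of the issue and not Elasticsearch code): a client-side check that uses the behaviour described above to attribute a request to a named API key, and confirms that the id decoded from the `encoded` credential matches the id the server reports. The response field names `api_key`, `id`, `name` and `username`, the `ApiKey` header scheme, and all sample values are assumptions constructed for illustration.

```python
import base64
import json
from typing import Optional

# Constructed sample data (not real credentials or real server output).
SAMPLE_ID = "constructed-key-id-01"
SAMPLE_HEADER = "ApiKey " + base64.b64encode(
    f"{SAMPLE_ID}:constructed-secret".encode()).decode()
SAMPLE_API_KEY_RESPONSE = json.dumps({
    "username": "svc-ingest",
    "api_key": {"id": SAMPLE_ID, "name": "ingest-pipeline-key"},  # assumed field names
})
SAMPLE_PASSWORD_RESPONSE = json.dumps({"username": "alice"})  # no key info map


def key_id_from_header(authorization: str) -> str:
    """Decode the key id from 'ApiKey <encoded>'; the secret half is discarded."""
    scheme, _, encoded = authorization.partition(" ")
    if scheme.lower() != "apikey" or not encoded:
        raise ValueError("not an ApiKey Authorization header")
    try:
        decoded = base64.b64decode(encoded.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError("credential is not valid base64 text") from exc
    key_id, sep, secret = decoded.partition(":")  # encoded = base64(id:api_key)
    if not (key_id and sep and secret):
        raise ValueError("credential is not of the form id:api_key")
    return key_id


def identify_api_key(authorization: str, authenticate_body: str) -> Optional[dict]:
    """Return id, name and username for an API-key login, or None otherwise.

    Raises ValueError when the id reported by the server differs from the id
    carried in the presented credential.
    """
    body = json.loads(authenticate_body)
    info = body.get("api_key")  # assumed name of the "API KEY info map"
    if info is None:
        return None  # map is omitted for other authentication methods
    if info.get("id") != key_id_from_header(authorization):
        raise ValueError("response key id does not match the presented credential")
    return {"id": info["id"], "name": info.get("name"),
            "username": body.get("username")}
```

Logging the returned `name` and `id` alongside the request gives audit records that identify the specific key without a second lookup call and without ever writing the secret half of the credential.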
3 participants