Monday, August 29, 2011

API Token in Jenkins REST API

In Jenkins 1.426, I added the API token support for the REST API.
This is motivated by the same reasons I've done the public key authentication support in Jenkins CLI. Namely, because the security implementation is completely pluggable, we need a uniform way for programs that want to interact with Jenkins to authenticate itself with Jenkins, regardless of whether Jenkins is using OpenID SSO, Active Directory, or anything else.
Starting with this version, every user automatically gets an API token. You can see this value from http://your.jenkins.server/me/configure. This page also allows you to get new API token as needed. It can be then submitted to Jenkins via BASIC authentication when making an HTTP request.
So hopefully this makes it a bit easier to develop programs that interact with Jenkins.
Now, while I was doing this, I started thinking that it'd be nice if we can unify the CLI authentication and the REST API authentication by using SSH public key authentication over SPNEGO. It won't be practical until most of the client-side libraries/tools support such implementation, but it seems a lot easier and flexible to deploy than HTTPS client authentication, and useful for all kinds of websites/webapps. All it takes is someone to define a GSSAPI binding for SSH key exchange. I'm hoping someone would make it happen!

Follow CloudBees:
Facebook Twitter

No comments:

Post a Comment