Obtain authentication tokens
Last updated
Last updated
There are two types of authentication tokens: an access token and a refresh token.
Access token: A short-lived token (valid for five minutes) used to access the WEKA system API and enable secure filesystem mounting.
Refresh token: A long-lived token (one month by default, but customizable) used to obtain new access tokens as needed.
Procedure
Do one of the following:
To obtain the refresh token and access token through the CLI, log in to the system using the command: weka user login
. For details, see Log-in to the WEKA cluster.
The system creates an authentication token file and saves it in ~/.weka/auth-token.json
. The token file contains both the access token and the refresh token.
To obtain the refresh token and access token through the REST API, use the POST /login
. The API returns the token in the response body.
When working with the REST API, local users may use a long-lived token (a token that doesn't require a refresh every 5 minutes).
As a local user, you can generate a long-lived token using the GUI or the CLI.
Procedure
From the signed-in user menu, select API Token.
In the Manage API Token dialog, select Generate token and set the expiration time. Then, select Generate.
If you want to revoke all existing login tokens of the local user and refresh them, select Revoke Tokens.
3. Copy the generated token and paste it to the REST API authorization dialog.
The following demonstrates how to generate the API token and authorize it in the REST API.
Command: weka user generate-token [--access-token-timeout timeout]
The default timeout is 30 days.
To revoke the access and refresh tokens, use the CLI command: weka user revoke-tokens
.