honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[DOCS] Corrected API path for invalidate token and SSL certificate examples (#39530)

This commit is contained in:
Lisa Cawley 2019-03-12 13:25:16 -07:00 committed by lcawl
parent e2b88bc706
commit efd7003ea9
3 changed files with 104 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
x-pack/docs/build.gradle
View File

@ -92,6 +92,7 @@ buildRestTests.docs = fileTree(projectDir) {
exclude 'build' exclude 'build'
// These file simply doesn't pass yet. We should figure out how to fix them. // These file simply doesn't pass yet. We should figure out how to fix them.
exclude 'en/watcher/reference/actions.asciidoc' exclude 'en/watcher/reference/actions.asciidoc'
exclude 'en/rest-api/security/ssl.asciidoc'
} }
Map<String, String> setups = buildRestTests.setups Map<String, String> setups = buildRestTests.setups

127
x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc
View File

@ -22,7 +22,8 @@ can no longer be used. That time period is defined by the
The refresh tokens returned by the <<security-api-get-token,get token API>> are The refresh tokens returned by the <<security-api-get-token,get token API>> are
only valid for 24 hours. They can also be used exactly once. only valid for 24 hours. They can also be used exactly once.
If you want to invalidate one or more access or refresh tokens immediately, use this invalidate token API. If you want to invalidate one or more access or refresh tokens immediately, use
this invalidate token API.
==== Request Body ==== Request Body
@ -31,26 +32,56 @@ The following parameters can be specified in the body of a DELETE request and
pertain to invalidating tokens: pertain to invalidating tokens:
`token` (optional):: `token` (optional)::
(string) An access token. This parameter cannot be used any of `refresh_token`, `realm_name` or (string) An access token. This parameter cannot be used any of `refresh_token`,
`username` are used. `realm_name` or `username` are used.
`refresh_token` (optional):: `refresh_token` (optional)::
(string) A refresh token. This parameter cannot be used any of `refresh_token`, `realm_name` or (string) A refresh token. This parameter cannot be used any of `refresh_token`,
`username` are used. `realm_name` or `username` are used.
`realm_name` (optional):: `realm_name` (optional)::
(string) The name of an authentication realm. This parameter cannot be used with either `refresh_token` or `token`. (string) The name of an authentication realm. This parameter cannot be used with
either `refresh_token` or `token`.
`username` (optional):: `username` (optional)::
(string) The username of a user. This parameter cannot be used with either `refresh_token` or `token` (string) The username of a user. This parameter cannot be used with either
`refresh_token` or `token`
NOTE: While all parameters are optional, at least one of them is required. More specifically, either one of `token` NOTE: While all parameters are optional, at least one of them is required. More
or `refresh_token` parameters is required. If none of these two are specified, then `realm_name` and/or `username` specifically, either one of `token` or `refresh_token` parameters is required.
need to be specified. If none of these two are specified, then `realm_name` and/or `username` need to
be specified.
==== Examples ==== Examples
The following example invalidates the specified token immediately: For example, if you create a token using the `client_credentials` grant type as
follows:
[source,js]
--------------------------------------------------
POST /_security/oauth2/token
{
"grant_type" : "client_credentials"
}
--------------------------------------------------
// CONSOLE
// TEST
The get token API returns the following information about the access token:
[source,js]
--------------------------------------------------
{
"access_token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==",
"type" : "Bearer",
"expires_in" : 1200
}
--------------------------------------------------
// CONSOLE
// TESTRESPONSE[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/]
This access token can now be immediately invalidated, as shown in the following
example:
[source,js] [source,js]
-------------------------------------------------- --------------------------------------------------
@ -59,57 +90,97 @@ DELETE /_security/oauth2/token
"token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==" "token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ=="
} }
-------------------------------------------------- --------------------------------------------------
// NOTCONSOLE // CONSOLE
// TEST[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/]
// TEST[continued]
whereas the following example invalidates the specified refresh token immediately: If you used the `password` grant type to obtain a token for a user, the response
might also contain a refresh token. For example:
[source,js]
--------------------------------------------------
POST /_security/oauth2/token
{
"grant_type" : "password",
"username" : "test_admin",
"password" : "x-pack-test-password"
}
--------------------------------------------------
// CONSOLE
// TEST
The get token API returns the following information:
[source,js]
--------------------------------------------------
{
"access_token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==",
"type" : "Bearer",
"expires_in" : 1200,
"refresh_token": "vLBPvmAB6KvwvJZr27cS"
}
--------------------------------------------------
// CONSOLE
// TESTRESPONSE[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/]
// TESTRESPONSE[s/vLBPvmAB6KvwvJZr27cS/$body.refresh_token/]
The refresh token can now also be immediately invalidated as shown
in the following example:
[source,js] [source,js]
-------------------------------------------------- --------------------------------------------------
DELETE /_security/oauth2/token DELETE /_security/oauth2/token
{ {
"refresh_token" : "movUJjPGRRC0PQ7+NW0eag" "refresh_token" : "vLBPvmAB6KvwvJZr27cS"
} }
-------------------------------------------------- --------------------------------------------------
// NOTCONSOLE // CONSOLE
// TEST[s/vLBPvmAB6KvwvJZr27cS/$body.refresh_token/]
// TEST[continued]
The following example invalidates all access tokens and refresh tokens for the `saml1` realm immediately: The following example invalidates all access tokens and refresh tokens for the
`saml1` realm immediately:
[source,js] [source,js]
-------------------------------------------------- --------------------------------------------------
DELETE /_xpack/security/oauth2/token DELETE /_security/oauth2/token
{ {
"realm_name" : "saml1" "realm_name" : "saml1"
} }
-------------------------------------------------- --------------------------------------------------
// NOTCONSOLE // CONSOLE
// TEST
The following example invalidates all access tokens and refresh tokens for the user `myuser` in all realms immediately: The following example invalidates all access tokens and refresh tokens for the
user `myuser` in all realms immediately:
[source,js] [source,js]
-------------------------------------------------- --------------------------------------------------
DELETE /_xpack/security/oauth2/token DELETE /_security/oauth2/token
{ {
"username" : "myuser" "username" : "myuser"
} }
-------------------------------------------------- --------------------------------------------------
// NOTCONSOLE // CONSOLE
// TEST
Finally, the following example invalidates all access tokens and refresh tokens for the user `myuser` in Finally, the following example invalidates all access tokens and refresh tokens
the `saml1` realm immediately: for the user `myuser` in the `saml1` realm immediately:
[source,js] [source,js]
-------------------------------------------------- --------------------------------------------------
DELETE /_xpack/security/oauth2/token DELETE /_security/oauth2/token
{ {
"username" : "myuser", "username" : "myuser",
"realm_name" : "saml1" "realm_name" : "saml1"
} }
-------------------------------------------------- --------------------------------------------------
// NOTCONSOLE // CONSOLE
// TEST
A successful call returns a JSON structure that contains the number of tokens that were invalidated, the number A successful call returns a JSON structure that contains the number of tokens
of tokens that had already been invalidated, and potentially a list of errors encountered while invalidating that were invalidated, the number of tokens that had already been invalidated,
specific tokens. and potentially a list of errors encountered while invalidating specific tokens.
[source,js] [source,js]
-------------------------------------------------- --------------------------------------------------

7
x-pack/docs/en/rest-api/security/ssl.asciidoc
View File

@ -78,12 +78,13 @@ node of {es}:
[source,js] [source,js]
-------------------------------------------------- --------------------------------------------------
GET /_xpack/certificates GET /_ssl/certificates
-------------------------------------------------- --------------------------------------------------
// CONSOLE // CONSOLE
// TEST[skip:todo] // TEST
The API returns the following results: The API returns the following results:
[source,js] [source,js]
---- ----
[ [
@ -116,4 +117,4 @@ The API returns the following results:
} }
] ]
---- ----
// NOTCONSOLE // NOTCONSOLE