Allow to easily grab JWT token from UI (dashboard, theia, etc.)

[benoitf]

Is your enhancement related to a problem? Please describe.

Sometimes I need to get my user token / JWT token and I open developer mode console to get the token. But it should be another simple way to do that like clicking on a button from the dashboard or the IDE

Describe the solution you'd like

It could be like in openshift console (copy login button)

Describe alternatives you've considered

I would use any UI allowing me to do that !

Additional context

[rhopp]

Instead of exposing token in UI, I think it would be better, if our cli tools could operate with user/pass authentication.
That way, token would be needed only for direct API calls, which should be reserved for even more advanced users (devs, automated testing, ...)

[benoitf]

@rhopp there are a lot of users with oAuth so you'll open a browser from the CLI ?

[rhopp]

That's something that came to my mind after pressing send on my comment. TBH I don't know what would be best... It just doesn't make much sense to me. Let's say I want to start workspace from devfile (I have the URL to the devfile for example). I need to open browser, go to che UI (dahboard), copy token and then go to terminal to use the token. To me it seems much better to create the workspace directly in the UI, while I'm already there.
Only scenario I can imagine right now where the cli comes to my mind is when I would like to script something (which doesn't make much sense to me right now as well).

If we could make the cli work without any need to go to browser to obtain some info, that would be perfect. Otherwise I think if we force user to go to the UI, why should he go back to cli?

[RickJWagner]

Related Product Issue: https://issues.redhat.com/browse/CRW-591

[sleshchenko]

It could be like in openshift console (copy login button)

Update: OpenShift Console backend is not able to access user's token anymore(HTTP only cookies). Instead, OpenShift console has Get Token button that opens a dedicated application that is hosted on a different host that only allows us to copy the token.
I assume OpenShift Console support some plugins (but I'm not sure) and such workflow allows avoiding token leak.
Since Che Dashboard does not have any plugin - we should be good with the scenario where the user gets token directly from the dashboard.

Copy user token could appear in context menu of account (in the left-hand side of the footer)
JWT token could appear in context many of recent workspaces.

[sleshchenko]

I think for the existing dashboard we could simply add item under account dropdown that will copy to clipboard chectl/crwctl auth:login https://che.openshift.io/api --token=<refresh_keycloak_token>