Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kibana API Tokens #5267

Closed
Bargs opened this issue Nov 2, 2015 · 1 comment
Closed

Kibana API Tokens #5267

Bargs opened this issue Nov 2, 2015 · 1 comment
Labels
enhancement New value added to drive a business result Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc

Comments

@Bargs
Copy link
Contributor

Bargs commented Nov 2, 2015

Now that we're adding REST API endpoints to the Kibana server (see #5199), we need a way to secure them. We need to prevent CSRF, but we can't just generate CSRF tokens per page load because a user might be hitting these endpoints from a client we don't control (e.g. configuration management system automatically bootstrapping a Kibana instance). As a result we'll need to implement an API token system that gives these users access to the API in a secure manner.

Some discussion points:

  • Should these endpoints be accessible by both API token and session + csrf token so the existing Kibana frontend can use them without being converted to use API token?
  • How do we generate the token? Do we use something like JWT?
  • Do we need to persist the token? Where will they be persisted?
  • How do we leverage Shield, since Kibana itself doesn't have a concept of users?
@Bargs Bargs added the discuss label Nov 2, 2015
@Bargs Bargs mentioned this issue Nov 2, 2015
Merged
@spalger spalger added Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc release_note:enhancement and removed discuss labels Jan 23, 2017
@epixa
Copy link
Contributor

epixa commented Sep 21, 2017

Since auth is now handled entirely through x-pack security, I'm going to close this out.

@epixa epixa closed this as completed Sep 21, 2017
@epixa epixa added enhancement New value added to drive a business result and removed release_note:enhancement labels May 7, 2018
MadameSheema pushed a commit to MadameSheema/kibana that referenced this issue Jan 31, 2023
@orouz
Merge pull request elastic#5267 from elastic/orouz-patch-4
6d537df 
[Cloud Posture] Add note on benchmark rules
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New value added to drive a business result Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@epixa @spalger @Bargs