Project

General

Profile

Actions

Bug #26071

open

Default configuration for user API tokens should be disabled for OIDC and OAuth2

Added by Clark ANDRIANASOLO 7 days ago. Updated 6 days ago.

Status:
Pending release
Priority:
N/A
Category:
Security
Target version:
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility:
First impressions of Rudder
Effort required:
Very Small
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No

Description

In parent ticket we added the feature to disable/enable the API token, but it remained always enabled by default : rudder.auth.oidc.userRestToken=enabled
For security reasons, we want to make it disabled by default for OIDC/OAuth2

Actions #1

Updated by Clark ANDRIANASOLO 7 days ago

  • Status changed from New to In progress
Actions #2

Updated by Clark ANDRIANASOLO 7 days ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Clark ANDRIANASOLO to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/pull/6087
Actions #3

Updated by Clark ANDRIANASOLO 6 days ago

  • Status changed from Pending technical review to Pending release
Actions

Also available in: Atom PDF