Skip to content

Grant API key should mandate key name as create API key action #59484

New issue
New issue
Closed
#59836
Closed
Grant API key should mandate key name as create API key action#59484
#59836
Labels
:Security/AuthenticationLogging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)>bugTeam:SecurityMeta label for security team
@ywangd

Description

@ywangd
ywangd
opened on Jul 14, 2020

The name of an API key is mandatory when creating an API key. It throws a 400 error if the name is missing. However, when using the grant API key action, it is possible to create a key without a name. This is because the name field is nested under api_key field for the input of grant API key action, i.e.:

{ 
    "...": "...",
    "api_key": {"name": "key-1"}
}

Although the name field is still mandatory, the parent api_key field is optional. Thus allow keys be created without names.

Metadata

Metadata

Assignees

No one assigned

    Labels

    :Security/AuthenticationLogging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)>bugTeam:SecurityMeta label for security team

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions