From 7510e9eb6e652e6efd63e0fc6301af43e9f5a9ae Mon Sep 17 00:00:00 2001 From: lcawl Date: Tue, 14 Aug 2018 17:00:55 -0700 Subject: [PATCH 1/8] [DOCS] Splits the token APIs into separate pages --- x-pack/docs/en/rest-api/security.asciidoc | 5 +- .../rest-api/security/delete-tokens.asciidoc | 56 ++++++ .../en/rest-api/security/get-tokens.asciidoc | 125 ++++++++++++++ .../docs/en/rest-api/security/tokens.asciidoc | 160 +----------------- 4 files changed, 190 insertions(+), 156 deletions(-) create mode 100644 x-pack/docs/en/rest-api/security/delete-tokens.asciidoc create mode 100644 x-pack/docs/en/rest-api/security/get-tokens.asciidoc diff --git a/x-pack/docs/en/rest-api/security.asciidoc b/x-pack/docs/en/rest-api/security.asciidoc index 476c9b95bfda3..a0b86c815eafa 100644 --- a/x-pack/docs/en/rest-api/security.asciidoc +++ b/x-pack/docs/en/rest-api/security.asciidoc @@ -22,15 +22,18 @@ You can use the following APIs to add, remove, and retrieve roles in the native * <> * <> +include::security/tokens.asciidoc[] + include::security/authenticate.asciidoc[] include::security/change-password.asciidoc[] include::security/clear-cache.asciidoc[] include::security/clear-roles-cache.asciidoc[] include::security/create-roles.asciidoc[] include::security/delete-roles.asciidoc[] +include::security/delete-tokens.asciidoc[] include::security/get-roles.asciidoc[] +include::security/get-tokens.asciidoc[] include::security/privileges.asciidoc[] include::security/role-mapping.asciidoc[] include::security/ssl.asciidoc[] -include::security/tokens.asciidoc[] include::security/users.asciidoc[] diff --git a/x-pack/docs/en/rest-api/security/delete-tokens.asciidoc b/x-pack/docs/en/rest-api/security/delete-tokens.asciidoc new file mode 100644 index 0000000000000..57760cc9242d6 --- /dev/null +++ b/x-pack/docs/en/rest-api/security/delete-tokens.asciidoc 
@@ -0,0 +1,56 @@ +[role="xpack"] +[[security-api-invalidate-token]] +=== Delete tokens API + +Invalidates bearer tokens for access without requiring basic authentication. + +==== Request + +`DELETE /_xpack/security/oauth2/token` + +==== Description + +The tokens returned by the <> have a +finite period of time for which they are valid and after that time period, they +can no longer be used. That time period is defined by the +`xpack.security.authc.token.timeout` setting. For more information, see +<>. + +If you want to invalidate a token immediately, use this delete tokens API. + + +==== Request Body + +The following parameters can be specified in the body of a DELETE request and +pertain to deleting a token: + +`token` (required):: +(string) An access token. + +==== Examples + +The following example invalidates the specified token immediately: + +[source,js] +-------------------------------------------------- +DELETE /_xpack/security/oauth2/token +{ + "token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==" +} +-------------------------------------------------- +// CONSOLE +// TEST[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/] +// TEST[continued] + +A successful call returns a JSON structure that indicates whether the token +has already been invalidated. + +[source,js] +-------------------------------------------------- +{ + "created" : true <1> +} +-------------------------------------------------- +// TESTRESPONSE + +<1> When a token has already been invalidated, `created` is set to false. diff --git a/x-pack/docs/en/rest-api/security/get-tokens.asciidoc b/x-pack/docs/en/rest-api/security/get-tokens.asciidoc new file mode 100644 index 0000000000000..d9c0dca429b85 --- /dev/null +++ b/x-pack/docs/en/rest-api/security/get-tokens.asciidoc 
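Review bot: The summary sentence `Invalidates bearer tokens for access without requiring basic authentication.` in the new delete-tokens page can be read as saying the DELETE request itself needs no authentication, because the trailing clause was carried over from the create-side wording. The page also never states how the caller of `DELETE /_xpack/security/oauth2/token` must authenticate. I would reword the summary to something like `Invalidates a bearer token so that it can no longer be used for authentication.` and add one sentence under Description naming the credentials the invalidation request requires, to be confirmed against the implementation.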
@@ -0,0 +1,125 @@ +[role="xpack"] +[[security-api-get-token]] +=== Get tokens API + +Creates bearer tokens for access without requiring basic authentication. + +==== Request + +`POST /_xpack/security/oauth2/token` + +==== Description + +The tokens are created by the {es} Token Service, which is automatically enabled +when you configure TLS on the HTTP interface. See <>. Alternatively, +you can explicitly enable the `xpack.security.authc.token.enabled` setting. When +you are running in production mode, a bootstrap check prevents you from enabling +the token service unless you also enable TLS on the HTTP interface. + +The get tokens API takes the same parameters as a typical OAuth 2.0 token API +except for the use of a JSON request body. + +A successful get tokens API call returns a JSON structure that contains the access +token, the amount of time (seconds) that the token expires in, the type, and the +scope if available. + +The tokens returned by the get tokens API have a finite period of time for which +they are valid and after that time period, they can no longer be used. That time +period is defined by the `xpack.security.authc.token.timeout` setting. For more +information, see <>. + +If you want to invalidate a token immediately, you can do so by using the +<>. + + +==== Request Body + +The following parameters can be specified in the body of a POST request and +pertain to creating a token: + +`grant_type`:: +(string) The type of grant. Currently only the `password` grant type is supported. +//TBD: What about the `refresh_token` type in the example below? + +`password` (required):: +(string) The user's password. + +//TBD: Add `refresh_token` parameter per example below? + +`scope`:: +(string) The scope of the token. Currently tokens are only issued for a scope of +`FULL` regardless of the value sent with the request. + +`username` (required):: +(string) The username that identifies the user. 
+ +==== Examples + +The following example obtains a token for the `test_admin` user: + +[source,js] +-------------------------------------------------- +POST /_xpack/security/oauth2/token +{ + "grant_type" : "password", + "username" : "test_admin", + "password" : "x-pack-test-password" +} +-------------------------------------------------- +// CONSOLE + +The following example output contains the access token, the amount of time (in +seconds) that the token expires in, and the type: + +[source,js] +-------------------------------------------------- +{ + "access_token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==", + "type" : "Bearer", + "expires_in" : 1200, + "refresh_token": "vLBPvmAB6KvwvJZr27cS" +} +-------------------------------------------------- +// TESTRESPONSE[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/] +// TESTRESPONSE[s/vLBPvmAB6KvwvJZr27cS/$body.refresh_token/] + +The token returned by this API can be used by sending a request with a +`Authorization` header with a value having the prefix `Bearer ` followed +by the value of the `access_token`. + +[source,shell] +-------------------------------------------------- +curl -H "Authorization: Bearer dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==" http://localhost:9200/_cluster/health +-------------------------------------------------- +// NOTCONSOLE + +[[security-api-refresh-token]] +To extend the life of an existing token, you can call the API again with the +refresh token within 24 hours of the token's creation. 
For example: + +[source,js] +-------------------------------------------------- +POST /_xpack/security/oauth2/token +{ + "grant_type": "refresh_token", + "refresh_token": "vLBPvmAB6KvwvJZr27cS" +} +-------------------------------------------------- +// CONSOLE +// TEST[s/vLBPvmAB6KvwvJZr27cS/$body.refresh_token/] +// TEST[continued] + +The API will return a new token and refresh token. Each refresh token may only +be used one time. + +[source,js] +-------------------------------------------------- +{ + "access_token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==", + "type" : "Bearer", + "expires_in" : 1200, + "refresh_token": "vLBPvmAB6KvwvJZr27cS" +} +-------------------------------------------------- +// TESTRESPONSE[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/] +// TESTRESPONSE[s/vLBPvmAB6KvwvJZr27cS/$body.refresh_token/] \ No newline at end of file diff --git a/x-pack/docs/en/rest-api/security/tokens.asciidoc b/x-pack/docs/en/rest-api/security/tokens.asciidoc index f991a5c0cb836..90c8758032410 100644 --- a/x-pack/docs/en/rest-api/security/tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/tokens.asciidoc 
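Review bot: The curl example in the new get-tokens page sends `Authorization: Bearer …` to `http://localhost:9200/_cluster/health`, while the Description on the same page ties the token service to TLS on the HTTP interface and says a production bootstrap check refuses to enable it otherwise. A bearer token sent over plain HTTP is readable by anyone on the network path, and readers tend to copy examples verbatim. The snippet is already marked `// NOTCONSOLE`, so the docs build does not run it; it could use `https://localhost:9200/_cluster/health`, or be followed by a sentence such as `Outside of a local development cluster, send bearer tokens only over HTTPS.` Separately, the refresh response example repeats the request's `refresh_token` value right after stating that each refresh token may only be used one time, so a sentence noting that a real response carries a new value would avoid confusion.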
@@ -1,159 +1,9 @@ -[role="xpack"] +[float] [[security-api-tokens]] -=== Token Management APIs +=== Tokens -The `token` API enables you to create and invalidate bearer tokens for access -without requiring basic authentication. +You can use the following APIs to create and invalidate bearer tokens for access +without requiring basic authentication: -==== Request +* <>, <> -`POST /_xpack/security/oauth2/token` + - -`DELETE /_xpack/security/oauth2/token` - -==== Description - -The tokens are created by the {es} Token Service, which is automatically enabled -when you configure TLS on the HTTP interface. See <>. Alternatively, -you can explicitly enable the `xpack.security.authc.token.enabled` setting. When -you are running in production mode, a bootstrap check prevents you from enabling -the token service unless you also enable TLS on the HTTP interface. - -The Get Token API takes the same parameters as a typical OAuth 2.0 token API -except for the use of a JSON request body. - -A successful Get Token API call returns a JSON structure that contains the access -token, the amount of time (seconds) that the token expires in, the type, and the -scope if available. - -The tokens returned by the Get Token API have a finite period of time for which -they are valid and after that time period, they can no longer be used. That time -period is defined by the `xpack.security.authc.token.timeout` setting. For more -information, see <>. - -If you want to invalidate a token immediately, you can do so by using the Delete -Token API. - - -==== Request Body - -The following parameters can be specified in the body of a POST request and -pertain to creating a token: - -`grant_type`:: -(string) The type of grant. Currently only the `password` grant type is supported. - -`password` (required):: -(string) The user's password. - -`scope`:: -(string) The scope of the token. Currently tokens are only issued for a scope of -`FULL` regardless of the value sent with the request. 
- -`username` (required):: -(string) The username that identifies the user. - -The following parameters can be specified in the body of a DELETE request and -pertain to deleting a token: - -`token`:: -(string) An access token. - -==== Examples -[[security-api-get-token]] -To obtain a token, submit a POST request to the `/_xpack/security/oauth2/token` -endpoint. - -[source,js] --------------------------------------------------- -POST /_xpack/security/oauth2/token -{ - "grant_type" : "password", - "username" : "test_admin", - "password" : "x-pack-test-password" -} --------------------------------------------------- -// CONSOLE - -The following example output contains the access token, the amount of time (in -seconds) that the token expires in, and the type: - -[source,js] --------------------------------------------------- -{ - "access_token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==", - "type" : "Bearer", - "expires_in" : 1200, - "refresh_token": "vLBPvmAB6KvwvJZr27cS" -} --------------------------------------------------- -// TESTRESPONSE[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/] -// TESTRESPONSE[s/vLBPvmAB6KvwvJZr27cS/$body.refresh_token/] - -The token returned by this API can be used by sending a request with a -`Authorization` header with a value having the prefix `Bearer ` followed -by the value of the `access_token`. - -[source,shell] --------------------------------------------------- -curl -H "Authorization: Bearer dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==" http://localhost:9200/_cluster/health --------------------------------------------------- -// NOTCONSOLE - -[[security-api-refresh-token]] -To extend the life of an existing token, the token api may be called again with the refresh -token within 24 hours of the token's creation. 
- -[source,js] --------------------------------------------------- -POST /_xpack/security/oauth2/token -{ - "grant_type": "refresh_token", - "refresh_token": "vLBPvmAB6KvwvJZr27cS" -} --------------------------------------------------- -// CONSOLE -// TEST[s/vLBPvmAB6KvwvJZr27cS/$body.refresh_token/] -// TEST[continued] - -The API will return a new token and refresh token. Each refresh token may only be used one time. - -[source,js] --------------------------------------------------- -{ - "access_token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==", - "type" : "Bearer", - "expires_in" : 1200, - "refresh_token": "vLBPvmAB6KvwvJZr27cS" -} --------------------------------------------------- -// TESTRESPONSE[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/] -// TESTRESPONSE[s/vLBPvmAB6KvwvJZr27cS/$body.refresh_token/] - -[[security-api-invalidate-token]] -If a token must be invalidated immediately, you can do so by submitting a DELETE -request to `/_xpack/security/oauth2/token`. For example: - -[source,js] --------------------------------------------------- -DELETE /_xpack/security/oauth2/token -{ - "token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==" -} --------------------------------------------------- -// CONSOLE -// TEST[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/] -// TEST[continued] - -A successful call returns a JSON structure that indicates whether the token -has already been invalidated. - -[source,js] --------------------------------------------------- -{ - "created" : true <1> -} --------------------------------------------------- -// TESTRESPONSE - -<1> When a token has already been invalidated, `created` is set to false. 
From 482d331d8cc69c5916030129952b373e2c6779ba Mon Sep 17 00:00:00 2001 From: lcawl Date: Tue, 14 Aug 2018 17:09:16 -0700 Subject: [PATCH 2/8] [DOCS] Fixed build error --- x-pack/docs/en/rest-api/security/get-tokens.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/x-pack/docs/en/rest-api/security/get-tokens.asciidoc b/x-pack/docs/en/rest-api/security/get-tokens.asciidoc index d9c0dca429b85..6fa25ba835212 100644 --- a/x-pack/docs/en/rest-api/security/get-tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/get-tokens.asciidoc @@ -39,6 +39,7 @@ pertain to creating a token: `grant_type`:: (string) The type of grant. Currently only the `password` grant type is supported. + //TBD: What about the `refresh_token` type in the example below? `password` (required):: From ba7e3bc534434fcf3f4e2cd93f712ca75caf3329 Mon Sep 17 00:00:00 2001 From: lcawl Date: Tue, 14 Aug 2018 17:35:21 -0700 Subject: [PATCH 3/8] [DOCS] Fixes build errs in delete tokens API --- x-pack/docs/en/rest-api/security/delete-tokens.asciidoc | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/x-pack/docs/en/rest-api/security/delete-tokens.asciidoc b/x-pack/docs/en/rest-api/security/delete-tokens.asciidoc index 57760cc9242d6..fce5654cb7ada 100644 --- a/x-pack/docs/en/rest-api/security/delete-tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/delete-tokens.asciidoc @@ -38,9 +38,7 @@ DELETE /_xpack/security/oauth2/token "token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==" } -------------------------------------------------- -// CONSOLE -// TEST[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/] -// TEST[continued] +// NOTCONSOLE A successful call returns a JSON structure that indicates whether the token has already been invalidated. 
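Review bot: Replacing `// CONSOLE`, `// TEST[s/…/$body.access_token/]` and `// TEST[continued]` with `// NOTCONSOLE` means the docs build no longer executes the invalidate request. The next hunk (`@@ -51,6 +49,6 @@`) does the same to the response by swapping `// TESTRESPONSE` for `// NOTCONSOLE`. The build error presumably comes from `// TEST[continued]` having no preceding snippet on the new page, since the token-creating request now lives in get-tokens.asciidoc. Rather than switching testing off, the page could open its Examples section with a get token request marked `// CONSOLE`, so the DELETE example still has an `access_token` to substitute and the documented `created` response stays verified.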
@@ -51,6 +49,6 @@ has already been invalidated. "created" : true <1> } -------------------------------------------------- -// TESTRESPONSE +// NOTCONSOLE <1> When a token has already been invalidated, `created` is set to false. From 0a612358cd5737db0dc484edc9b2defc9f1945d2 Mon Sep 17 00:00:00 2001 From: lcawl Date: Fri, 17 Aug 2018 08:56:56 -0700 Subject: [PATCH 4/8] [DOCS] Addresses feedback about the token APIs --- .../rest-api/security/delete-tokens.asciidoc | 8 ++--- .../en/rest-api/security/get-tokens.asciidoc | 31 ++++++++++--------- .../docs/en/rest-api/security/tokens.asciidoc | 2 +- 3 files changed, 22 insertions(+), 19 deletions(-) diff --git a/x-pack/docs/en/rest-api/security/delete-tokens.asciidoc b/x-pack/docs/en/rest-api/security/delete-tokens.asciidoc index fce5654cb7ada..7d6bae2a4c40f 100644 --- a/x-pack/docs/en/rest-api/security/delete-tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/delete-tokens.asciidoc @@ -1,8 +1,8 @@ [role="xpack"] [[security-api-invalidate-token]] -=== Delete tokens API +=== Delete token API -Invalidates bearer tokens for access without requiring basic authentication. +Invalidates a bearer token for access without requiring basic authentication. ==== Request @@ -10,13 +10,13 @@ Invalidates bearer tokens for access without requiring basic authentication. ==== Description -The tokens returned by the <> have a +The tokens returned by the <> have a finite period of time for which they are valid and after that time period, they can no longer be used. That time period is defined by the `xpack.security.authc.token.timeout` setting. For more information, see <>. -If you want to invalidate a token immediately, use this delete tokens API. +If you want to invalidate a token immediately, use this delete token API. ==== Request Body diff --git a/x-pack/docs/en/rest-api/security/get-tokens.asciidoc b/x-pack/docs/en/rest-api/security/get-tokens.asciidoc index 6fa25ba835212..a2c4e6d7a37ec 100644 
--- a/x-pack/docs/en/rest-api/security/get-tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/get-tokens.asciidoc @@ -1,8 +1,8 @@ [role="xpack"] [[security-api-get-token]] -=== Get tokens API +=== Get token API -Creates bearer tokens for access without requiring basic authentication. +Creates a bearer token for access without requiring basic authentication. ==== Request @@ -16,20 +16,20 @@ you can explicitly enable the `xpack.security.authc.token.enabled` setting. When you are running in production mode, a bootstrap check prevents you from enabling the token service unless you also enable TLS on the HTTP interface. -The get tokens API takes the same parameters as a typical OAuth 2.0 token API +The get token API takes the same parameters as a typical OAuth 2.0 token API except for the use of a JSON request body. -A successful get tokens API call returns a JSON structure that contains the access +A successful get token API call returns a JSON structure that contains the access token, the amount of time (seconds) that the token expires in, the type, and the scope if available. -The tokens returned by the get tokens API have a finite period of time for which +The tokens returned by the get token API have a finite period of time for which they are valid and after that time period, they can no longer be used. That time period is defined by the `xpack.security.authc.token.timeout` setting. For more information, see <>. If you want to invalidate a token immediately, you can do so by using the -<>. +<>. ==== Request Body 
@@ -38,21 +38,24 @@ The following parameters can be specified in the body of a POST request and pertain to creating a token: `grant_type`:: -(string) The type of grant. Currently only the `password` grant type is supported. +(string) The type of grant. Valid grant types are: `password` and `refresh_token`. -//TBD: What about the `refresh_token` type in the example below? +`password`:: +(string) The user's password. If you specify the `password` grant type, this +parameter is required. -`password` (required):: -(string) The user's password. - -//TBD: Add `refresh_token` parameter per example below? +`refresh_token`:: +(string) If you specify the `refresh_token` grant type, this parameter is +required. It contains the string that was returned when you created the token +and enables you to extend its life. `scope`:: (string) The scope of the token. Currently tokens are only issued for a scope of `FULL` regardless of the value sent with the request. -`username` (required):: -(string) The username that identifies the user. +`username`:: +(string) The username that identifies the user. If you specify the `password` +grant type, this parameter is required. ==== Examples diff --git a/x-pack/docs/en/rest-api/security/tokens.asciidoc b/x-pack/docs/en/rest-api/security/tokens.asciidoc index 90c8758032410..3fcb52ff11ffb 100644 --- a/x-pack/docs/en/rest-api/security/tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/tokens.asciidoc @@ -5,5 +5,5 @@ You can use the following APIs to create and invalidate bearer tokens for access without requiring basic authentication: -* <>, <> +* <>, <> From 4fd856938363b78f663a9a23924c07eb3f9b54ab Mon Sep 17 00:00:00 2001 From: lcawl Date: Fri, 17 Aug 2018 09:01:30 -0700 Subject: [PATCH 5/8] [DOCS] Updated URL in xpack.security.get_token.json --- .../resources/rest-api-spec/api/xpack.security.get_token.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_token.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_token.json index 8020d1ecd6d97..0b6f141d10e6a 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_token.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_token.json @@ -1,6 +1,6 @@ { "xpack.security.get_token": { - "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-tokens.html#security-api-get-token", + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-token.html", "methods": [ "POST" ], "url": { "path": "/_xpack/security/oauth2/token", From ebc3d7b27b7725d9579d1d75d8d5ceb174e80d1a Mon Sep 17 00:00:00 2001 From: lcawl Date: Fri, 17 Aug 2018 11:10:03 -0700 Subject: [PATCH 6/8] [DOCS] Updates URL in invalidate token spec --- .../rest-api-spec/api/xpack.security.invalidate_token.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.invalidate_token.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.invalidate_token.json index be032c2ffd020..27dd103091422 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.invalidate_token.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.invalidate_token.json @@ -1,6 +1,6 @@ { "xpack.security.invalidate_token": { - "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-tokens.html#security-api-invalidate-token", + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-invalidate-token.html", "methods": [ "DELETE" ], "url": { "path": "/_xpack/security/oauth2/token", From b237832a8bbb21ba1233beccdf2c74f562367477 Mon Sep 17 00:00:00 2001 
From: lcawl Date: Fri, 17 Aug 2018 11:11:22 -0700 Subject: [PATCH 7/8] [DOCS] Removes inline link in Security APIs --- x-pack/docs/en/rest-api/security.asciidoc | 1 - 1 file changed, 1 deletion(-) diff --git a/x-pack/docs/en/rest-api/security.asciidoc b/x-pack/docs/en/rest-api/security.asciidoc index a0b86c815eafa..c9de070e6d906 100644 --- a/x-pack/docs/en/rest-api/security.asciidoc +++ b/x-pack/docs/en/rest-api/security.asciidoc @@ -9,7 +9,6 @@ You can use the following APIs to perform {security} activities. * <> * <> * <> -* <> * <> [float] From af06c3a47ffde2ad0abbeb8c580b3d3f410cbd53 Mon Sep 17 00:00:00 2001 From: lcawl Date: Fri, 17 Aug 2018 16:44:37 -0700 Subject: [PATCH 8/8] [DOCS] Adds redirect for token management APIs --- docs/reference/redirects.asciidoc | 10 +++++++++- x-pack/docs/en/rest-api/security.asciidoc | 9 ++++++++- x-pack/docs/en/rest-api/security/tokens.asciidoc | 9 --------- 3 files changed, 17 insertions(+), 11 deletions(-) delete mode 100644 x-pack/docs/en/rest-api/security/tokens.asciidoc diff --git a/docs/reference/redirects.asciidoc b/docs/reference/redirects.asciidoc index 2d11d21089050..948652c37e69a 100644 --- a/docs/reference/redirects.asciidoc +++ b/docs/reference/redirects.asciidoc @@ -511,4 +511,12 @@ You can use the following APIs to add, remove, and retrieve roles in the native * <>, <> * <> -* <> \ No newline at end of file +* <> + +[role="exclude",id="security-api-tokens"] +=== Token management APIs + +You can use the following APIs to create and invalidate bearer tokens for access +without requiring basic authentication: + +* <>, <> diff --git a/x-pack/docs/en/rest-api/security.asciidoc b/x-pack/docs/en/rest-api/security.asciidoc index c9de070e6d906..27e54df38b31c 100644 --- a/x-pack/docs/en/rest-api/security.asciidoc +++ b/x-pack/docs/en/rest-api/security.asciidoc 
@@ -21,7 +21,14 @@ You can use the following APIs to add, remove, and retrieve roles in the native * <> * <> -include::security/tokens.asciidoc[] +[float] +[[security-token-apis]] +=== Tokens + +You can use the following APIs to create and invalidate bearer tokens for access +without requiring basic authentication: + +* <>, <> include::security/authenticate.asciidoc[] include::security/change-password.asciidoc[] diff --git a/x-pack/docs/en/rest-api/security/tokens.asciidoc b/x-pack/docs/en/rest-api/security/tokens.asciidoc deleted file mode 100644 index 3fcb52ff11ffb..0000000000000 --- a/x-pack/docs/en/rest-api/security/tokens.asciidoc +++ /dev/null @@ -1,9 +0,0 @@ -[float] -[[security-api-tokens]] -=== Tokens - -You can use the following APIs to create and invalidate bearer tokens for access -without requiring basic authentication: - -* <>, <> -