Hi team, is there anyway to generate PAT (Personal...
# getting-startedb
breezy-shoe-41523
08/23/2022, 9:40 AMHi team, is there anyway to generate PAT (Personal Access Token )
without having existing one in programatic way???
b
better-orange-49102
08/23/2022, 10:33 AMwith the details of the user and the app's key, you can generate a token
better-orange-49102
08/23/2022, 10:34 AMsuggest you dissemble an existing token, see what fields are inside, then create your own with the key
b
breezy-shoe-41523
08/23/2022, 10:42 AMoh thanks for help but i cant understand how to generate token based on user and app’s key
can you give some example?
b
better-orange-49102
08/23/2022, 10:45 AM Copy code
import jwt
payload = jwt.decode(token, token_secret, algorithms="HS256")better-orange-49102
08/23/2022, 10:46 AMbetter-orange-49102
08/23/2022, 10:46 AMi only ever tried decoding it, but i think it should be possible to create it from scratch
better-orange-49102
08/23/2022, 10:47 AMb
breezy-shoe-41523
08/23/2022, 10:51 AMthanks,
so you mean if i generate token that way then
i don’t have to generate token in web UI?
b
better-orange-49102
08/23/2022, 2:45 PMyes
b
breezy-shoe-41523
08/24/2022, 4:23 AMok so i decoded an token and found
{
“actorType”: “USER”,
“actorId”: “datahub”,
“type”: “PERSONAL”,
“version”: “2",
“exp”: 1663906090,
“jti”: “3423208b-0e4c-40e1-a4ec-56b94d335b8b”,
“sub”: “datahub”,
“iss”: “datahub-metadata-service”
}
this payload
and regenerated token with signing key but still get 401 Unauthorized
so my question is do you store generated token and compare to incoming requests header token
or just check it’s valid token??
b
better-orange-49102
08/24/2022, 4:47 AMToken string isn't stored when you generate in UI(that's why they always say to copy the token as it is not retrievable after you close the modal) . I believe it is more of checking that the token is valid
b
breezy-shoe-41523
08/24/2022, 4:55 AMok… then my question is
if i generate key in UI then i get valid token and i can revoke the generated key and the key doesn’t work anymore
what logic makes revoked key not to work anymore??
b
better-orange-49102
08/24/2022, 4:56 AMnot sure about the revokable token, so cc @incalculable-ocean-74010
b
breezy-shoe-41523
08/24/2022, 5:18 AMi found that my token info is stored at
aspect = ‘dataHubAccessTokenInfo’
so i want to test generation of key based on payload and signingKey
but now i can’t findout which is the signing key
is signing key
how can i interpret signing key syntax
${DATAHUB_TOKEN_SERVICE_SIGNING_KEY:WnEdIeTG/VVCLQqGwC/BAkqyY0k+H8NEAtWGejrBI94=} Copy code
systemClientSecret:
secretRef: "datahub-auth-secrets"
secretKey: "token_service_signing_key"
tokenService:
signingKey:
secretRef: "datahub-auth-secrets"
secretKey: "token_service_signing_key"
salt:
secretRef: "datahub-auth-secrets"
secretKey: "token_service_salt"b
better-orange-49102
08/24/2022, 5:36 AMhttps://datahubspace.slack.com/archives/CV2UXSE9L/p1655435010041999?thread_ts=1655435010.041999&cid=CV2UXSE9L I asked devs before about the revokable tokens before
better-orange-49102
08/24/2022, 5:37 AMI am unsure how to find the signing key in the helm context
b
breezy-shoe-41523
08/24/2022, 6:03 AMok… i think i can set secret key
Copy code
tokenService:
signingKey:
secretRef: "datahub-auth-secrets"
secretKey: "my_secret_key"