Create/Delete client and generate/revoke token from CLI

Product Discussion Feature Requests
1

We would like to request the ability to Create/Delete client and generate/revoke token from CLI.

The current method is Authentication - with Admin User account POST /api/login
Create Client /api/auth.client
Generate token /api/auth.token.grant
Revoke token /api/auth.token.revoke
Delete client

Then you can use Authentication - with Client ID for additional transcations.
You also have to renew the token every 48 hours.

The Router supports CLI SSH Access Public Key

image
image1076×88 11.2 KB

  • PublicKeys are secured by the strength of the cryptography for the type of key.
  • Passwords are guessable and more easily compromised in general than any (even very old) cryptography.
  • Configuring trust of a key pair results in a stable and long term secure authentication path that does not require additional software components.
  • Any token (or static password) is far more vulnerable than a dynamic ‘proof of key’ authentication method.

Can we please add the ability to Create/Delete client and generate/revoke token from CLI?

7 Likes
2

Sounds sensible to me.

If you have an option to create you absolutely should have an option to revoke

3 Likes
3

I would like this also. Much tidier / safer.

4 Likes
4

I concur. It’s a good idea to have that feature.

3 Likes
5

We hear you pals and developers are in discussion on this request. I cannot speak for them but work with them. Stay tuned! :wink:

5 Likes
6

Thanks for looking into this for us!

2 Likes
7

+1 on this request from here as well - would be very useful.

1 Like
8

@Eddy_Yeung Can you please add this to 8.5 beta 1?

1 Like
9

8.5.0 RC 2 has this implemented already. Just in case you are not aware of it.

10

Thanks Eddy, I was waiting for the next release that fixed the starlink wan outage, I’ll give it a try now that 8.5 RC2 fixes that.

11

@MartinLangmaid Want to give a try on the CLI to Create/Delete client and generate/revoke token? Want to definite confirm that before we go GA which is expected to be soon.

1 Like
12

@Eddy_Yeung
Just tested this on a 380x.
For adding a client, the help doesn’t seem to indicate that it supports scope of read-only, read-write, admin does it? If so recommend adding that to the help context.

support auth-client-add
String Client Name

support auth-client-add “Client 1”

support auth-client-add “Client 1”

support auth-client-show
When there was a client it did show them, but didn’t show the access level each client had.
It also did not show the expiration timestamp of the token?
The web api, has additional fields of confidential, scope, createTimestamp
Please update the cli command so it has shows the same fields as the web api.
I tested a token that I created using the cli, and the token did work.

For this command with no client, it outputs.

support auth-client-show
No any client

Change output to read.
No clients

For this command it showed

support auth-client-remove “Client 1”
OK
However it seems to only support removal by “Client ID”
If it doesn’t match, recommend output should be
No client found with id to remove

support auth-client-token-show
No any access token

Recommend changing output to be
No access tokens

13

@Jonathan_Pitts Appreciated the feedback and suggestion. Let’s see how soon we can get them in and update on the 8.5.0 RC3 (hopefully, our GA). :crossed_fingers:

1 Like
14

Sounds good thanks @Eddy_Yeung !

15

8.5.0 RC 3 is out. :wink:

16

Looks/works good eddy!