mirror of
https://github.com/datahub-project/datahub.git
synced 2025-09-26 01:23:16 +00:00
1 line
11 KiB
JavaScript
1 line
11 KiB
JavaScript
"use strict";(self.webpackChunkdocs_website=self.webpackChunkdocs_website||[]).push([[48219],{15680:(e,n,t)=>{t.d(n,{xA:()=>p,yg:()=>y});var a=t(96540);function r(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function o(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function s(e){for(var n=1;n<arguments.length;n++){var t=null!=arguments[n]?arguments[n]:{};n%2?o(Object(t),!0).forEach((function(n){r(e,n,t[n])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(t)):o(Object(t)).forEach((function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(t,n))}))}return e}function l(e,n){if(null==e)return{};var t,a,r=function(e,n){if(null==e)return{};var t,a,r={},o=Object.keys(e);for(a=0;a<o.length;a++)t=o[a],n.indexOf(t)>=0||(r[t]=e[t]);return r}(e,n);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a<o.length;a++)t=o[a],n.indexOf(t)>=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(r[t]=e[t])}return r}var i=a.createContext({}),c=function(e){var n=a.useContext(i),t=n;return e&&(t="function"==typeof e?e(n):s(s({},n),e)),t},p=function(e){var n=c(e.components);return a.createElement(i.Provider,{value:n},e.children)},u="mdxType",g={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,r=e.mdxType,o=e.originalType,i=e.parentName,p=l(e,["components","mdxType","originalType","parentName"]),u=c(t),m=r,y=u["".concat(i,".").concat(m)]||u[m]||g[m]||o;return t?a.createElement(y,s(s({ref:n},p),{},{components:t})):a.createElement(y,s({ref:n},p))}));function y(e,n){var t=arguments,r=n&&n.mdxType;if("string"==typeof e||r){var o=t.length,s=new Array(o);s[0]=m;var l={};for(var i in n)hasOwnProperty.call(n,i)&&(l[i]=n[i]);l.originalType=e,l[u]="string"==typeof e?e:r,s[1]=l;for(var c=2;c<o;c++)s[c]=t[c];return a.createElement.apply(null,s)}return a.createElement.apply(null,t)}m.displayName="MDXCreateElement"},91728:(e,n,t)=>{t.r(n),t.d(n,{assets:()=>p,contentTitle:()=>i,default:()=>y,frontMatter:()=>l,metadata:()=>c,toc:()=>u});t(96540);var a=t(15680);function r(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function o(e,n){return n=null!=n?n:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(n)):function(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}(Object(n)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(n,t))})),e}function s(e,n){if(null==e)return{};var t,a,r=function(e,n){if(null==e)return{};var t,a,r={},o=Object.keys(e);for(a=0;a<o.length;a++)t=o[a],n.indexOf(t)>=0||(r[t]=e[t]);return r}(e,n);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a<o.length;a++)t=o[a],n.indexOf(t)>=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(r[t]=e[t])}return r}const l={title:"Access Token Management",slug:"/api/graphql/token-management",custom_edit_url:"https://github.com/datahub-project/datahub/blob/master/docs/api/graphql/token-management.md"},i="Access Token Management",c={unversionedId:"docs/api/graphql/token-management",id:"version-1.1.0/docs/api/graphql/token-management",title:"Access Token Management",description:"DataHub provides the following graphql endpoints for managing Access Tokens. In this page you will see examples as well",source:"@site/versioned_docs/version-1.1.0/docs/api/graphql/token-management.md",sourceDirName:"docs/api/graphql",slug:"/api/graphql/token-management",permalink:"/docs/1.1.0/api/graphql/token-management",draft:!1,editUrl:"https://github.com/datahub-project/datahub/blob/master/docs/api/graphql/token-management.md",tags:[],version:"1.1.0",frontMatter:{title:"Access Token Management",slug:"/api/graphql/token-management",custom_edit_url:"https://github.com/datahub-project/datahub/blob/master/docs/api/graphql/token-management.md"},sidebar:"overviewSidebar",previous:{title:"GraphQL Best Practices",permalink:"/docs/1.1.0/api/graphql/graphql-best-practices"},next:{title:"OpenAPI Guide",permalink:"/docs/1.1.0/api/openapi/openapi-usage-guide"}},p={},u=[{value:"Generating Access Tokens",id:"generating-access-tokens",level:3},{value:"Listing Access Tokens",id:"listing-access-tokens",level:3},{value:"Revoking Access Tokens",id:"revoking-access-tokens",level:3}],g={toc:u},m="wrapper";function y(e){var{components:n}=e,t=s(e,["components"]);return(0,a.yg)(m,o(function(e){for(var n=1;n<arguments.length;n++){var t=null!=arguments[n]?arguments[n]:{},a=Object.keys(t);"function"==typeof Object.getOwnPropertySymbols&&(a=a.concat(Object.getOwnPropertySymbols(t).filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable})))),a.forEach((function(n){r(e,n,t[n])}))}return e}({},g,t),{components:n,mdxType:"MDXLayout"}),(0,a.yg)("h1",{id:"access-token-management"},"Access Token Management"),(0,a.yg)("p",null,"DataHub provides the following ",(0,a.yg)("inlineCode",{parentName:"p"},"graphql")," endpoints for managing Access Tokens. In this page you will see examples as well\nas explanations as to how to administrate access tokens within the project whether for yourself or others, depending on the caller's privileges."),(0,a.yg)("p",null,(0,a.yg)("em",{parentName:"p"},"Note"),": This API makes use of DataHub Policies to safeguard against improper use. By default, a user will not be able to interact with it at all unless they have at least ",(0,a.yg)("inlineCode",{parentName:"p"},"Generate Personal Access Tokens")," privileges."),(0,a.yg)("h3",{id:"generating-access-tokens"},"Generating Access Tokens"),(0,a.yg)("p",null,"To generate an access token, simply use the ",(0,a.yg)("inlineCode",{parentName:"p"},"createAccessToken(input: GetAccessTokenInput!)")," ",(0,a.yg)("inlineCode",{parentName:"p"},"graphql")," Query.\nThis endpoint will return an ",(0,a.yg)("inlineCode",{parentName:"p"},"AccessToken")," object, containing the access token string itself alongside with metadata\nwhich will allow you to identify said access token later on."),(0,a.yg)("p",null,"For example, to generate an access token for the ",(0,a.yg)("inlineCode",{parentName:"p"},"datahub")," corp user, you can issue the following ",(0,a.yg)("inlineCode",{parentName:"p"},"graphql")," Query:"),(0,a.yg)("p",null,(0,a.yg)("em",{parentName:"p"},"As GraphQL")),(0,a.yg)("pre",null,(0,a.yg)("code",{parentName:"pre",className:"language-graphql"},'mutation {\n createAccessToken(\n input: {\n type: PERSONAL\n actorUrn: "urn:li:corpuser:datahub"\n duration: ONE_HOUR\n name: "my personal token"\n }\n ) {\n accessToken\n metadata {\n id\n name\n description\n }\n }\n}\n')),(0,a.yg)("p",null,(0,a.yg)("em",{parentName:"p"},"As CURL")),(0,a.yg)("pre",null,(0,a.yg)("code",{parentName:"pre",className:"language-curl"},'curl --location --request POST \'http://localhost:8080/api/graphql\' \\\n--header \'X-DataHub-Actor: urn:li:corpuser:datahub\' \\\n--header \'Content-Type: application/json\' \\\n--data-raw \'{ "query":"mutation { createAccessToken(input: { type: PERSONAL, actorUrn: \\"urn:li:corpuser:datahub\\", duration: ONE_HOUR, name: \\"my personal token\\" } ) { accessToken metadata { id name description} } }", "variables":{}}\'\n')),(0,a.yg)("h3",{id:"listing-access-tokens"},"Listing Access Tokens"),(0,a.yg)("p",null,"Listing tokens is a powerful endpoint that allows you to list the tokens owned by a particular user (ie. YOU).\nTo list all tokens that you own, you must specify a filter with: ",(0,a.yg)("inlineCode",{parentName:"p"},'{field: "actorUrn", value: "<your user urn>"}')," configuration."),(0,a.yg)("p",null,(0,a.yg)("em",{parentName:"p"},"As GraphQL")),(0,a.yg)("pre",null,(0,a.yg)("code",{parentName:"pre",className:"language-graphql"},'{\n listAccessTokens(\n input: {\n start: 0\n count: 100\n filters: [{ field: "ownerUrn", value: "urn:li:corpuser:datahub" }]\n }\n ) {\n start\n count\n total\n tokens {\n urn\n id\n actorUrn\n }\n }\n}\n')),(0,a.yg)("p",null,(0,a.yg)("em",{parentName:"p"},"As CURL")),(0,a.yg)("pre",null,(0,a.yg)("code",{parentName:"pre",className:"language-curl"},'curl --location --request POST \'http://localhost:8080/api/graphql\' \\\n--header \'X-DataHub-Actor: urn:li:corpuser:datahub\' \\\n--header \'Content-Type: application/json\' \\\n--data-raw \'{ "query":"{ listAccessTokens(input: {start: 0, count: 100, filters: [{field: \\"ownerUrn\\", value: \\"urn:li:corpuser:datahub\\"}]}) { start count total tokens {urn id actorUrn} } }", "variables":{}}\'\n')),(0,a.yg)("p",null,"Admin users can also list tokens owned by other users of the platform. To list tokens belonging to other users, you must have the ",(0,a.yg)("inlineCode",{parentName:"p"},"Manage All Access Tokens")," Platform privilege."),(0,a.yg)("p",null,(0,a.yg)("em",{parentName:"p"},"As GraphQL")),(0,a.yg)("pre",null,(0,a.yg)("code",{parentName:"pre",className:"language-graphql"},"{\n listAccessTokens(input: { start: 0, count: 100, filters: [] }) {\n start\n count\n total\n tokens {\n urn\n id\n actorUrn\n }\n }\n}\n")),(0,a.yg)("p",null,(0,a.yg)("em",{parentName:"p"},"As CURL")),(0,a.yg)("pre",null,(0,a.yg)("code",{parentName:"pre",className:"language-curl"},"curl --location --request POST 'http://localhost:8080/api/graphql' \\\n--header 'X-DataHub-Actor: urn:li:corpuser:datahub' \\\n--header 'Content-Type: application/json' \\\n--data-raw '{ \"query\":\"{ listAccessTokens(input: {start: 0, count: 100, filters: []}) { start count total tokens {urn id actorUrn} } }\", \"variables\":{}}'\n")),(0,a.yg)("p",null,"Other filters besides ",(0,a.yg)("inlineCode",{parentName:"p"},"actorUrn=<some value>")," are possible. You can filter by property in the ",(0,a.yg)("inlineCode",{parentName:"p"},"DataHubAccessTokenInfo")," aspect which you can find in the Entities documentation."),(0,a.yg)("h3",{id:"revoking-access-tokens"},"Revoking Access Tokens"),(0,a.yg)("p",null,"To revoke an existing access token, you can use the ",(0,a.yg)("inlineCode",{parentName:"p"},"revokeAccessToken")," mutation."),(0,a.yg)("p",null,(0,a.yg)("em",{parentName:"p"},"As GraphQL")),(0,a.yg)("pre",null,(0,a.yg)("code",{parentName:"pre",className:"language-graphql"},'mutation {\n revokeAccessToken(tokenId: "HnMJylxuowJ1FKN74BbGogLvXCS4w+fsd3MZdI35+8A=")\n}\n')),(0,a.yg)("pre",null,(0,a.yg)("code",{parentName:"pre",className:"language-curl"},"curl --location --request POST 'http://localhost:8080/api/graphql' \\\n--header 'X-DataHub-Actor: urn:li:corpuser:datahub' \\\n--header 'Content-Type: application/json' \\\n--data-raw '{\"query\":\"mutation {revokeAccessToken(tokenId: \\\"HnMJylxuowJ1FKN74BbGogLvXCS4w+fsd3MZdI35+8A=\\\")}\",\"variables\":{}}}'\n")),(0,a.yg)("p",null,"This endpoint will return a boolean detailing whether the operation was successful. In case of failure, an error message will appear explaining what went wrong."))}y.isMDXComponent=!0}}]); |