[WebService] - Tokens system to be put in place instead of password usage
The general concept
The idea is to add a new tab on the User, allowing the generation of a token with a specific end date.
The web service would then be accessed with a defined token rather than the password.
We would keep the specific ACL verification currently in place, but web service access would become time-limited.
More or less the same behavior as GitLab.
There was an idea to use a "DSA" to interact with the FD web service, but a DSA is strictly for LDAP interaction and should not be used with the web service.
Possible developments
- Maybe the CORE login methodology should verify tokens instead of passwords when interacting with the web service.
- Web service schema
- New tab on User.
- Logic to be re-defined within web service classes to manage authentication access.
- The token would therefore be the only credential used to authenticate.
- Password is to be removed from the allowed authentication logic.
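
A minimal sketch of the token lifecycle described above, added here as an illustration and not taken from the FusionDirectory code base: a token is issued with an end date, only its digest is stored, and authentication accepts nothing but an unexpired token. The function names and the in-memory `TOKENS` store are hypothetical; the existing ACL verification would still run after `authenticate` succeeds.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

# Hypothetical in-memory store standing in for the user's token tab:
# uid -> list of (sha256 hex digest of token, end date). Only the digest is kept.
TOKENS = {}

def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

def issue_token(uid: str, end_date: datetime) -> str:
    """Create a token for uid valid until end_date; return it once, in clear."""
    if end_date.tzinfo is None:
        raise ValueError("end_date must be timezone-aware")
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    TOKENS.setdefault(uid, []).append((_digest(token), end_date))
    return token

def authenticate(uid: str, presented: str, now: datetime = None) -> bool:
    """Accept only an unexpired token; there is no password path at all."""
    now = now or datetime.now(timezone.utc)
    candidate = _digest(presented)
    ok = False
    for stored, end_date in TOKENS.get(uid, []):
        # Constant-time digest comparison; keep looping so the response
        # time does not reveal which stored entry matched.
        if hmac.compare_digest(stored, candidate) and now < end_date:
            ok = True
    return ok

def revoke_expired(now: datetime = None) -> int:
    """Drop tokens past their end date; return how many were removed."""
    now = now or datetime.now(timezone.utc)
    removed = 0
    for uid, entries in TOKENS.items():
        kept = [e for e in entries if now < e[1]]
        removed += len(entries) - len(kept)
        TOKENS[uid] = kept
    return removed
```

Storing only the digest means a leak of the token store does not expose usable credentials, and the clear-text token can be shown to the user exactly once at generation time.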