Chaffelson / nipyapi

A convenient Python wrapper for Apache NiFi

One Time Download Token #324

Closed j7smith closed 1 year ago

j7smith commented 1 year ago

We've recently upgraded one of our NiFi environments from 1.12.1 to 1.16.0. We've also upgraded nipyapi from 0.10.1.

While testing, when attempting to retrieve a single-use download token by executing the following code:

down_load_token = nipyapi.nifi.apis.access_api.AccessApi(api_client=None).create_download_token()

I receive the error: "'AccessApi' object has no attribute 'create_download_token'"

It looks like the "create_download_token" attribute has been deprecated (or possibly moved???) since we last had to update this code block. I searched for alternatives and documentation but thus far haven't found anything. Any suggestions or alternatives?

This is a fairly high priority as it is causing a block in our automated deployments.

Chaffelson commented 1 year ago

It appears that this function call was deprecated from Apache NiFi somewhere between 1.13.2 and 1.15.0, which are the versions I happen to have tracking on. The particular call in NiPyAPI is procedurally generated from the NiFi swagger definition, so we are dependent on that call being present in the NiFi server/cluster. I have emailed the NiFi Dev Mailing list with your question and a link to this issue to see if anyone recalls why it was deprecated and what it may have been replaced with - if you are subscribed you should also see the message.

Chaffelson commented 1 year ago

We have a response from David Handermann on the mailing list:

NiFi 1.15.0 included the removal of One-Time Password Authentication as
described in NIFI-8931 [1].

Depending on the authentication strategy configured, the Access Token REST
API can be used to create a Bearer Token that can be used for a longer
duration. Configuring and authorizing X.509 Client Certificates is another
option for programmatic access, but there is no direct replacement for
One-Time Password Authentication.

[1] https://issues.apache.org/jira/browse/NIFI-8931

So this function was deliberately removed from NiFi to improve security posture, and you are advised to use a standard bearer token or cert, and then download FlowFiles via the usual FlowfileQueuesApi.

ottobackwards commented 1 year ago

@Chaffelson Maybe we should run swagger-diff (ruby) and map its output to NiPyAPI for release notes or something:

> swagger-diff nifi-1.13.2.json nifi-1.15.0.json
- missing endpoints
  - post /access/download-token
  - post /access/ui-extension-token

Chaffelson commented 1 year ago

Didn't know about that functionality - great idea, we'll include it going forward.
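
The endpoint comparison discussed above, as an added Python example that is not part of the thread or of NiPyAPI: it lists operations present in an older Swagger 2.0 definition but missing from a newer one, with the client method each one would have generated. The sample documents, their `operationId` and tag values, and the name mapping in `client_method` are assumptions made for illustration.

```python
import re

METHODS = ("get", "put", "post", "delete", "patch", "head", "options")

def operations(spec):
    """Return {(method, normalised path): operation} for a Swagger 2.0 dict."""
    ops = {}
    for path, item in spec.get("paths", {}).items():
        # Ignore parameter names so /x/{id} and /x/{queue-id} compare equal.
        key = re.sub(r"\{[^}]*\}", "{}", path)
        for method, op in item.items():
            if method.lower() in METHODS:  # skips "parameters" and "x-*" keys
                ops[(method.lower(), key)] = dict(op, path=path)
    return ops

def client_method(op):
    """Approximate the generated name, e.g. AccessApi.create_download_token."""
    tag = (op.get("tags") or ["default"])[0]
    cls = "".join(w.capitalize() for w in re.split(r"[^A-Za-z0-9]+", tag) if w)
    snake = re.sub(r"(?<!^)(?=[A-Z])", "_", op.get("operationId", "")).lower()
    return f"{cls}Api.{snake}"

def missing_endpoints(old_spec, new_spec):
    """Operations in old_spec that new_spec no longer defines, sorted."""
    old, new = operations(old_spec), operations(new_spec)
    return [(m, old[m, p]["path"], client_method(old[m, p]))
            for m, p in sorted(set(old) - set(new))]

def _op(tag, op_id):
    return {"tags": [tag], "operationId": op_id}

# Constructed sample documents, not the real NiFi definitions.
OLD = {"paths": {
    "/access/token": {"post": _op("access", "createAccessToken")},
    "/access/download-token": {"post": _op("access", "createDownloadToken")},
    "/access/ui-extension-token": {"post": _op("access", "createUiExtensionToken")},
    "/flowfile-queues/{id}/flowfiles/{flowfile-uuid}/content":
        {"get": _op("flowfile-queues", "downloadFlowFileContent")},
}}
NEW = {"paths": {
    "/access/token": {"post": _op("access", "createAccessToken")},
    "/flowfile-queues/{queue-id}/flowfiles/{uuid}/content":
        {"get": _op("flowfile-queues", "downloadFlowFileContent")},
}}

if __name__ == "__main__":
    for method, path, name in missing_endpoints(OLD, NEW):
        print(f"- {method} {path}  (client: {name})")
```

For real definitions, pass the result of `json.load` on each file to `missing_endpoints`; a renamed path parameter alone is not reported as a removal.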

j7smith commented 1 year ago

Thanks for looking into this so quickly. I'll give this a try and see how it goes.

ottobackwards commented 1 year ago

Can we close this issue?

j7smith commented 1 year ago

Apologies. Yes, this issue can be closed.