Right now bearer token support for Admin UI authentication (CLI use case) is not up to the level of the browser user use case regarding security.
Auth cookies get symmetrically encrypted, whereas there's no such thing for bearer tokens, meaning you can authenticate invocations towards the Admin UI with an unencrypted JWT bearer token (with the correct audience, of course).
We should improve on this and provide a way to allow CLIs to "retrieve" encrypted access tokens for consumption with the Admin UI.