Ability generate API access tokens

[zhiltsov-max]

Current Behaviour

Currently, the only possible way to auth a user is to pass credentials to the server. Password typing can be a potential security problem, also they need to be passed into other tools, if they are going to use API or SDK. Having only the password auth can also weaken the account security.

This will allow to authenticate in API clients when there is no basic auth available (e.g., when SSO is used for login).

Possible Solution

• Implement ability to generate API access tokens
  • [Optional] with ability to control lifetime
  • [Optional] with ability to revoke created tokens
  • [Optional] with ability to control access rights for each token
• [Optional] Implement sessions management with options to list and end open sessions
• [Optional] Implement a list of last logins for the user
• [Optional] Add a list of authorized SSH keys allowed to access API
• [Optional] Allow to enable or disable basic auth via SDK/CLI on the server

Examples: GitHub Personal Access Tokens (PAT) https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token

[priyanshu-kun]

@nmanovic Hey, is this feature implemented in the CVAT backend? If not, can I work on it? It seems pretty interesting to me.

[nmanovic]

@priyanshu-kun , sure, you can. We had very good proposals for GSoC 2024 for the feature.

@ritikraj26, @umangapatel123, would you mind to share your proposals? If you can help us to contribute the future, CVAT community will be happy.

[umangapatel123]

@nmanovic Sure, I will share my proposal. I am also very much interested in implementing this feature.

[priyanshu-kun]

@nmanovic, is this feature a GSoC 2024 project? Have you selected a contributor for it? I didn't see this project on the chosen project list on the GSoC'24 CVAT page.

[umangapatel123]

@priyanshu-kun It was a GSoC 2024 Proposed project but due to the project limit for the organization in GSoC, this project was dropped.

[priyanshu-kun]

@umangapatel123 Ohh, wanna collaborate with me to work upon this issue?

[umangapatel123]

@priyanshu-kun Sure, I am more than happy to do that

[priyanshu-kun]

fine as soon I got the free time I'll create a proposal, will disucss about that afterward. @umangapatel123

[ritikraj26]

Sure, I would be happy to help !