jamf / JAWA

Jamf Automation and Webhook Assistant
MIT License

HTTP Basic authentication is deprecated in the Jamf Classic API #32

Closed (UniversalSuperBox closed 1 year ago)

UniversalSuperBox commented 2 years ago

According to "Basic Authentication - Classic API Authentication Changes" in the Jamf API documentation, HTTP Basic authentication to the Classic API is deprecated and could be removed from Jamf as early as August.

There appear to be a couple of places where JAWA uses Basic authentication:

https://github.com/jamf/JAWA/blob/fbfdaf17b4f2d1370a92f396a2df927bcf1681e7/views/jamf_webhook.py#L383-L390

https://github.com/jamf/JAWA/blob/fbfdaf17b4f2d1370a92f396a2df927bcf1681e7/views/webhook_view.py#L49-L53

For Jamf versions >=10.35.0, JAWA can use a bearer token instead. The login route should be changed to post to `/v1/auth/token`. The generated token and its expiry time can be stored in the client-side session cookie (which is how the username and password are stored right now). The wrinkle, then, is getting JAWA to renew the token when needed. Either on every request or when the token is close to expiring, request `/v1/auth/keep-alive` to get a new token and store it in the cookie.
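A sketch of the token flow proposed in the comment above, as an added example that is not part of the original issue and is not JAWA's code. The function names, the five-minute renewal margin, the `/api` URL prefix and the `token`/`expires` response fields are assumptions here; `session` stands in for any dict-like store such as Flask's session.

```python
import base64
import json
import urllib.request
from datetime import datetime, timedelta, timezone

RENEW_MARGIN = timedelta(minutes=5)  # assumption: renew once under 5 minutes remain


def http_post(url, headers):
    """Default transport: empty-body POST, returns the decoded JSON response."""
    req = urllib.request.Request(url, data=b"", headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def parse_expiry(value):
    """Parse the ISO 8601 'expires' field (UTC, trailing 'Z') into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def login(base_url, username, password, post=http_post):
    """Trade the credentials for a bearer token once; return only what goes in the session."""
    basic = base64.b64encode(f"{username}:{password}".encode()).decode()
    body = post(f"{base_url}/api/v1/auth/token", {"Authorization": f"Basic {basic}"})
    # The password is not kept. A signed-only cookie (Flask's default session) is
    # still readable by its holder, so the token in it must be treated as a secret.
    return {"token": body["token"], "expires": body["expires"]}


def fresh_token(base_url, session, post=http_post, now=None):
    """Return a usable token, renewing through keep-alive when expiry is near."""
    now = now or datetime.now(timezone.utc)
    expires = parse_expiry(session["expires"])
    if expires <= now:
        # An expired token cannot authenticate the keep-alive call itself.
        raise PermissionError("Jamf token expired; log in again")
    if expires - now < RENEW_MARGIN:
        body = post(f"{base_url}/api/v1/auth/keep-alive",
                    {"Authorization": f"Bearer {session['token']}"})
        session.update(token=body["token"], expires=body["expires"])
    return session["token"]
```

Passing `post` and `now` as parameters lets the renewal logic be exercised without a Jamf server.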

ball42 commented 1 year ago

Resolved in PR #37