v0.12.0-dd.0
mdgreenfield released this 05 Apr 23:40
PROD-347: Add access token endpoint

Adds the <mountPath>/token/<role> endpoint to return an OAuth access token. This access token is not leased because these tokens have a TTL of 60m and are not revokable upstream.

Caveats:
- The <mountPath>/roles/<role> backend will create a separate App/SP with the same logic as the <mountPath>/roles/<role> creds. So, a unified App/Service Principal is not used between the various endpoints for a given role.
- No changes were made to how deleting a role revokes the cloud resources used by the <mountPath>/creds/<role> endpoint.
- An "existing Service Principal" still creates an App password as opposed to a service principal password.