From 5923b056c82635ac0aaedb73a808a54e183aa2e7 Mon Sep 17 00:00:00 2001 From: Rachel Elledge Date: Wed, 14 May 2025 16:38:05 -0500 Subject: [PATCH 01/10] DOC-5248 RS: Fixed outdated password rotation docs --- .../rest-api/requests/users/password.md | 49 +++++++------------ .../manage-passwords/rotate-passwords.md | 30 +++++------- 2 files changed, 30 insertions(+), 49 deletions(-) diff --git a/content/operate/rs/references/rest-api/requests/users/password.md b/content/operate/rs/references/rest-api/requests/users/password.md index 2dae632652..6428a040c9 100644 --- a/content/operate/rs/references/rest-api/requests/users/password.md +++ b/content/operate/rs/references/rest-api/requests/users/password.md @@ -13,15 +13,15 @@ weight: $weight | Method | Path | Description | |----------------------------|----------------------|-----------------------------| -| [PUT](#update-password) | `/v1/users/password` | Change an existing password | -| [POST](#add-password) | `/v1/users/password` | Add a new password | -| [DELETE](#delete-password) | `/v1/users/password` | Delete a password | +| [PUT](#update-password) | `/v1/users/password` | Replace the password of the authenticated user | +| [POST](#add-password) | `/v1/users/password` | Add a new password for the authenticated user | +| [DELETE](#delete-password) | `/v1/users/password` | Delete a password for the authenticated user | ## Update password {#update-password} PUT /v1/users/password -Reset the password list of an internal user to include a new password. +Replaces the password list of the user making this request with a single new password. ### Request {#put-request} @@ -33,8 +33,6 @@ Reset the password list of an internal user to include a new password. ```json { - "username": "johnsmith", - "old_password": "a password that exists in the current list", "new_password": "the new (single) password" } ``` 
@@ -47,12 +45,10 @@ Reset the password list of an internal user to include a new password. #### Request body -The request must contain a single JSON object with the following fields: +The request must contain a JSON object with the following fields: | Field | Type | Description | |-------|------|-------------| -| username | string | Affected user (required) | -| old_password | string | A password that exists in the current list (required) | | new_password | string | The new password (required) | ### Response {#put-response} @@ -74,16 +70,14 @@ The following are possible `error_code` values: | Code | Description | |------|-------------| -| [200 OK](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1) | Success, password changed | -| [400 Bad Request](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1) | Bad or missing parameters. | -| [401 Unauthorized](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2) | The user is unauthorized. | -| [404 Not Found](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.5) | Attempting to reset password to a non-existing user. | +| [200 OK](https://www.rfc-editor.org/rfc/rfc9110.html#name-200-ok) | Success, password changed. | +| [400 Bad Request](https://www.rfc-editor.org/rfc/rfc9110.html#name-400-bad-request) | Bad or missing parameters. | ## Add password {#add-password} POST /v1/users/password -Add a new password to an internal user's passwords list. +Adds a new password to the password list of the user making this request. ### Request {#post-request} @@ -95,8 +89,6 @@ Add a new password to an internal user's passwords list. ```json { - "username": "johnsmith", - "old_password": "an existing password", "new_password": "a password to add" } ``` 
@@ -109,13 +101,11 @@ Add a new password to an internal user's passwords list. #### Request body -The request must contain a single JSON object with the following fields: +The request must contain a JSON object with the following fields: | Field | Type | Description | |-------|------|-------------| -| username | string | Affected user (required) | -| old_password | string | A password that exists in the current list (required) | -| new_password | string | The new (single) password (required) | +| new_password | string | New password to add (required) | ### Response {#post-response} @@ -136,15 +126,14 @@ The following are possible `error_code` values: | Code | Description | |------|-------------| -| [200 OK](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1) | Success, new password was added to the list of valid passwords. | -| [400 Bad Request](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1) | Bad or missing parameters. | -| [401 Unauthorized](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2) | The user is unauthorized. | -| [404 Not Found](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.5) | Attempting to add a password to a non-existing user. | +| [200 OK](https://www.rfc-editor.org/rfc/rfc9110.html#name-200-ok) | Success, new password was added to the list of valid passwords. | +| [400 Bad Request](https://www.rfc-editor.org/rfc/rfc9110.html#name-400-bad-request) | Bad or missing parameters. | ## Delete password {#delete-password} + DELETE /v1/users/password -Delete a password from an internal user's passwords list. +Deletes a password from the password list of the user making this request. ### Request {#delete-request} @@ -156,7 +145,6 @@ Delete a password from an internal user's passwords list. ```json { - "username": "johnsmith", "old_password": "an existing password" } ``` 
@@ -169,11 +157,10 @@ Delete a password from an internal user's passwords list. #### Request body -The request must contain a single JSON with the following fields: +The request must contain a JSON object with the following fields: | Field | Type | Description | |-------|------|-------------| -| username | string | Affected user (required) | | old_password | string | Existing password to be deleted (required) | ### Response {#delete-response} @@ -192,7 +179,5 @@ The following are possible `error_code` values: | Code | Description | |------|-------------| -| [200 OK](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1) | Success, new password was deleted from the list of valid passwords. | -| [400 Bad Request](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1) | Bad or missing parameters. | -| [401 Unauthorized](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2) | The user is unauthorized. | -| [404 Not Found](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.5) | Attempting to delete a password to a non-existing user. | +| [200 OK](https://www.rfc-editor.org/rfc/rfc9110.html#name-200-ok) | Success, new password was deleted from the list of valid passwords. | +| [400 Bad Request](https://www.rfc-editor.org/rfc/rfc9110.html#name-400-bad-request) | Bad or missing parameters. | diff --git a/content/operate/rs/security/access-control/manage-passwords/rotate-passwords.md b/content/operate/rs/security/access-control/manage-passwords/rotate-passwords.md index dc0f52750e..04db1a0ea6 100644 --- a/content/operate/rs/security/access-control/manage-passwords/rotate-passwords.md +++ b/content/operate/rs/security/access-control/manage-passwords/rotate-passwords.md 
@@ -13,7 +13,7 @@ weight: 70 Redis Enterprise Software lets you implement password rotation policies using the [REST API]({{< relref "/operate/rs/references/rest-api" >}}). -You can add a new password for a database user without immediately invalidating the old one (which might cause authentication errors in production). +You can add a new password for a database user without immediately invalidating the old one to prevent possible authentication errors in production. {{< note >}} Password rotation does not work for the default user. [Add additional users]({{< relref "/operate/rs/security/access-control/create-users" >}}) to enable password rotation. @@ -27,7 +27,7 @@ you can set a [password expiration policy]({{< relref "/operate/rs/security/acce However, for database connections that rely on password authentication, you need to allow for authentication with the existing password while you roll out the new password to your systems. -With the Redis Enterprise Software REST API, you can add additional passwords to a user account for authentication to the database or the Cluster Manager UI and API. +With the Redis Enterprise Software REST API, you can add additional passwords to your user account for authentication to the database or the Cluster Manager UI and API. After the old password is replaced in the database connections, you can delete the old password to finish the password rotation process. 
@@ -41,13 +41,13 @@ The new password cannot already exist as a password for the user and must meet t ## Rotate password -To rotate the password of a user account: +To rotate your password: -1. Add an additional password to a user account with [`POST /v1/users/password`]({{< relref "/operate/rs/references/rest-api/requests/users/password#add-password" >}}): +1. Add an additional password to your password list with [`POST /v1/users/password`]({{< relref "/operate/rs/references/rest-api/requests/users/password#add-password" >}}). You must provide the relevant username and current password for [basic authentication]({{}}) credentials when you send the request. ```sh - POST https://[host][:port]/v1/users/password - '{"username":"", "old_password":"", "new_password":""}' + POST https://:/v1/users/password + { "new_password": "" } ``` After you send this request, you can authenticate with both the old and the new password. 
@@ -56,26 +56,22 @@ To rotate the password of a user account: 1. Delete the original password with [`DELETE /v1/users/password`]({{< relref "/operate/rs/references/rest-api/requests/users/password#update-password" >}}): ```sh - DELETE https://[host][:port]/v1/users/password - '{"username":"", "old_password":""}' + DELETE https://:/v1/users/password + { "old_password": "" } ``` If there is only one valid password for a user account, you cannot delete that password. ## Replace all passwords -You can also replace all existing passwords for a user account with a single password that does not match any existing passwords. +You can also replace all existing passwords for your user account with a single password that does not match any existing passwords. This can be helpful if you suspect that your passwords are compromised and you want to quickly resecure the account. -To replace all existing passwords for a user account with a single new password, use [`PUT /v1/users/password`]({{< relref "/operate/rs/references/rest-api/requests/users/password#delete-password" >}}): +To replace your passwords, use [`PUT /v1/users/password`]({{< relref "/operate/rs/references/rest-api/requests/users/password#delete-password" >}}). You must provide the relevant username and current password for [basic authentication]({{}}) credentials when you send the request. ```sh -PUT https://[host][:port]/v1/users/password - '{"username":"", "old_password":"", "new_password":""}' +PUT https://:/v1/users/password +{ "new_password": "" } ``` -All of the existing passwords are deleted and only the new password is valid. - -{{}} -If you send the above request without specifying it is a `PUT` request, the new password is added to the list of existing passwords. -{{}} +After this request, all of your existing passwords are deleted and only the new password is valid. From 0e046cbed432e48326ce9ba727867a3caeffabbc Mon Sep 17 00:00:00 2001 
From: Rachel Elledge Date: Thu, 15 May 2025 10:23:12 -0500 Subject: [PATCH 02/10] Added breaking changes for /users/password and /users/authorize APIs to 7.8 release notes --- .../rs/release-notes/rs-7-8-releases/_index.md | 18 ++++++++++++++++++ .../rs-7-8-releases/rs-7-8-2-34.md | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/content/operate/rs/release-notes/rs-7-8-releases/_index.md b/content/operate/rs/release-notes/rs-7-8-releases/_index.md index ca16579bd2..ed044ee402 100644 --- a/content/operate/rs/release-notes/rs-7-8-releases/_index.md +++ b/content/operate/rs/release-notes/rs-7-8-releases/_index.md 
@@ -65,6 +65,24 @@ Redis Software version 7.8.2 introduces the following breaking changes: - When you [upgrade a database]({{}}) using the REST API, you can set `"latest_with_modules": false` in the request body to prevent module upgrades. +- Authentication method changes for [`/v1/users/password`]({{}}) REST API requests. + + - `PUT`, `POST`, and `DELETE` methods require users to include their usernames and a current password in the authentication header to change their password lists. If the authentication header is not provided, the response status will be `401 Unauthorized`. + + - `/v1/users/password` requests change the password list of the user who provides their credentials in the authorization header when sending the requests. + + - `PUT` and `POST` requests will ignore `username` and `old_password` parameters provided in the request body. + + - `DELETE` requests will ignore the `username` parameter provided in the request body. + +- Authentication method changes for [`POST /v1/users/authorize`]({{}}) REST API requests. + + - The `POST` method requires users to include their usernames and a current password in the authentication header to generate a JSON Web Token. + + - `/v1/users/password` requests change the password list of the user who provides their credentials in the authorization header when sending the requests. + + - `POST` requests will ignore `username` and `password` parameters provided in the request body. + #### Redis database version 7.4 breaking changes {#redis-74-breaking-changes} When new major versions of Redis Community Edition change existing commands, upgrading your database to a new version can potentially break some functionality. Before you upgrade, read the provided list of breaking changes that affect Redis Software and update any applications that connect to your database to handle these changes. 
diff --git a/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-2-34.md b/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-2-34.md index 5c28e62df1..5830b34a09 100644 --- a/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-2-34.md +++ b/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-2-34.md 
@@ -246,6 +246,24 @@ Redis Software version 7.8.2 introduces the following breaking changes: - When you [upgrade a database]({{}}) using the REST API, you can set `"latest_with_modules": false` in the request body to prevent module upgrades. +- Authentication method changes for [`/v1/users/password`]({{}}) REST API requests. + + - `PUT`, `POST`, and `DELETE` methods require users to include their usernames and a current password in the authentication header to change their password lists. If the authentication header is not provided, the response status will be `401 Unauthorized`. + + - `/v1/users/password` requests change the password list of the user who provides their credentials in the authorization header when sending the requests. + + - `PUT` and `POST` requests will ignore `username` and `old_password` parameters provided in the request body. + + - `DELETE` requests will ignore the `username` parameter provided in the request body. + +- Authentication method changes for [`POST /v1/users/authorize`]({{}}) REST API requests. + + - The `POST` method requires users to include their usernames and a current password in the authentication header to generate a JSON Web Token. + + - `/v1/users/password` requests change the password list of the user who provides their credentials in the authorization header when sending the requests. + + - `POST` requests will ignore `username` and `password` parameters provided in the request body. + ### Redis database version 7.4 breaking changes {#redis-74-breaking-changes} When new major versions of Redis Community Edition change existing commands, upgrading your database to a new version can potentially break some functionality. Before you upgrade, read the provided list of breaking changes that affect Redis Software and update any applications that connect to your database to handle these changes. From 02451fde9e38cf6c173720e8b6880ae4d845c99c Mon Sep 17 00:00:00 2001 
From: Rachel Elledge Date: Thu, 15 May 2025 10:25:09 -0500 Subject: [PATCH 03/10] DOC-5248 Feedback update to add 401 status codes back to API reference --- .../operate/rs/references/rest-api/requests/users/password.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/content/operate/rs/references/rest-api/requests/users/password.md b/content/operate/rs/references/rest-api/requests/users/password.md index 6428a040c9..0e481553ad 100644 --- a/content/operate/rs/references/rest-api/requests/users/password.md +++ b/content/operate/rs/references/rest-api/requests/users/password.md @@ -72,6 +72,7 @@ The following are possible `error_code` values: |------|-------------| | [200 OK](https://www.rfc-editor.org/rfc/rfc9110.html#name-200-ok) | Success, password changed. | | [400 Bad Request](https://www.rfc-editor.org/rfc/rfc9110.html#name-400-bad-request) | Bad or missing parameters. | +| [401 Unauthorized](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2) | The user is unauthorized. | ## Add password {#add-password} @@ -128,6 +129,7 @@ The following are possible `error_code` values: |------|-------------| | [200 OK](https://www.rfc-editor.org/rfc/rfc9110.html#name-200-ok) | Success, new password was added to the list of valid passwords. | | [400 Bad Request](https://www.rfc-editor.org/rfc/rfc9110.html#name-400-bad-request) | Bad or missing parameters. | +| [401 Unauthorized](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2) | The user is unauthorized. | ## Delete password {#delete-password} 
@@ -181,3 +183,4 @@ The following are possible `error_code` values: |------|-------------| | [200 OK](https://www.rfc-editor.org/rfc/rfc9110.html#name-200-ok) | Success, new password was deleted from the list of valid passwords. | | [400 Bad Request](https://www.rfc-editor.org/rfc/rfc9110.html#name-400-bad-request) | Bad or missing parameters. | +| [401 Unauthorized](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2) | The user is unauthorized. | From 677545ceedcd6ff3b40b9ddf2fe2cbd94bb35aa9 Mon Sep 17 00:00:00 2001 From: Rachel Elledge Date: Thu, 15 May 2025 10:26:38 -0500 Subject: [PATCH 04/10] Updated 401 status code links --- .../rs/references/rest-api/requests/users/password.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/operate/rs/references/rest-api/requests/users/password.md b/content/operate/rs/references/rest-api/requests/users/password.md index 0e481553ad..3d40159d60 100644 --- a/content/operate/rs/references/rest-api/requests/users/password.md +++ b/content/operate/rs/references/rest-api/requests/users/password.md @@ -72,7 +72,7 @@ The following are possible `error_code` values: |------|-------------| | [200 OK](https://www.rfc-editor.org/rfc/rfc9110.html#name-200-ok) | Success, password changed. | | [400 Bad Request](https://www.rfc-editor.org/rfc/rfc9110.html#name-400-bad-request) | Bad or missing parameters. | -| [401 Unauthorized](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2) | The user is unauthorized. | +| [401 Unauthorized](https://www.rfc-editor.org/rfc/rfc9110.html#name-401-unauthorized) | The user is unauthorized. | ## Add password {#add-password} 
@@ -129,7 +129,7 @@ The following are possible `error_code` values: |------|-------------| | [200 OK](https://www.rfc-editor.org/rfc/rfc9110.html#name-200-ok) | Success, new password was added to the list of valid passwords. | | [400 Bad Request](https://www.rfc-editor.org/rfc/rfc9110.html#name-400-bad-request) | Bad or missing parameters. | -| [401 Unauthorized](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2) | The user is unauthorized. | +| [401 Unauthorized](https://www.rfc-editor.org/rfc/rfc9110.html#name-401-unauthorized) | The user is unauthorized. | ## Delete password {#delete-password} @@ -183,4 +183,4 @@ The following are possible `error_code` values: |------|-------------| | [200 OK](https://www.rfc-editor.org/rfc/rfc9110.html#name-200-ok) | Success, new password was deleted from the list of valid passwords. | | [400 Bad Request](https://www.rfc-editor.org/rfc/rfc9110.html#name-400-bad-request) | Bad or missing parameters. | -| [401 Unauthorized](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2) | The user is unauthorized. | +| [401 Unauthorized](https://www.rfc-editor.org/rfc/rfc9110.html#name-401-unauthorized) | The user is unauthorized. | From 87e5840255c9e6dec5f07f569c0a90dd79ef44d1 Mon Sep 17 00:00:00 2001 From: Rachel Elledge Date: Thu, 15 May 2025 10:33:07 -0500 Subject: [PATCH 05/10] Fixed /users/authorize breaking change description --- content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-2-34.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-2-34.md b/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-2-34.md index 5830b34a09..146e73f7e2 100644 --- a/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-2-34.md +++ b/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-2-34.md 
@@ -260,7 +260,7 @@ Redis Software version 7.8.2 introduces the following breaking changes: - The `POST` method requires users to include their usernames and a current password in the authentication header to generate a JSON Web Token. - - `/v1/users/password` requests change the password list of the user who provides their credentials in the authorization header when sending the requests. + - `POST /v1/users/password` generates a JWT token for the user who provides their credentials in the authorization header when sending the requests. - `POST` requests will ignore `username` and `password` parameters provided in the request body. From 8df3351806131769b4fc24d3aa2336e6118706a4 Mon Sep 17 00:00:00 2001 From: Rachel Elledge Date: Thu, 15 May 2025 10:37:10 -0500 Subject: [PATCH 06/10] Removed redundant wording --- content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-2-34.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-2-34.md b/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-2-34.md index 146e73f7e2..bbc81ee566 100644 --- a/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-2-34.md +++ b/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-2-34.md @@ -260,7 +260,7 @@ Redis Software version 7.8.2 introduces the following breaking changes: - The `POST` method requires users to include their usernames and a current password in the authentication header to generate a JSON Web Token. - - `POST /v1/users/password` generates a JWT token for the user who provides their credentials in the authorization header when sending the requests. + - `POST /v1/users/password` generates a token for the user who provides their credentials in the authorization header when sending the requests. - `POST` requests will ignore `username` and `password` parameters provided in the request body. From 1b08d99377b35e2af980e8025b7210124e2a952c Mon Sep 17 00:00:00 2001 
From: Rachel Elledge Date: Thu, 15 May 2025 10:39:08 -0500 Subject: [PATCH 07/10] Fixed /users/authorize breaking change description on 7.8 release notes index --- content/operate/rs/release-notes/rs-7-8-releases/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/operate/rs/release-notes/rs-7-8-releases/_index.md b/content/operate/rs/release-notes/rs-7-8-releases/_index.md index ed044ee402..b53f93bbd1 100644 --- a/content/operate/rs/release-notes/rs-7-8-releases/_index.md +++ b/content/operate/rs/release-notes/rs-7-8-releases/_index.md @@ -79,7 +79,7 @@ Redis Software version 7.8.2 introduces the following breaking changes: - The `POST` method requires users to include their usernames and a current password in the authentication header to generate a JSON Web Token. - - `/v1/users/password` requests change the password list of the user who provides their credentials in the authorization header when sending the requests. + - `POST /v1/users/password` generates a token for the user who provides their credentials in the authorization header when sending the requests. - `POST` requests will ignore `username` and `password` parameters provided in the request body. From e1f4bfeeabe8f17830f6674467186618397d9308 Mon Sep 17 00:00:00 2001 From: Rachel Elledge Date: Thu, 15 May 2025 10:56:37 -0500 Subject: [PATCH 08/10] Updated outdated /users/authorize REST API reference --- .../rest-api/requests/users/authorize.md | 35 ++++++++++--------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/content/operate/rs/references/rest-api/requests/users/authorize.md b/content/operate/rs/references/rest-api/requests/users/authorize.md index d2d2d5eb68..fe5f5c1648 100644 --- a/content/operate/rs/references/rest-api/requests/users/authorize.md +++ b/content/operate/rs/references/rest-api/requests/users/authorize.md 
@@ -13,13 +13,13 @@ weight: $weight | Method | Path | Description | |--------|------|-------------| -| [POST](#post-authorize) | `/v1/users/authorize` | Authorize a user | +| [POST](#post-authorize) | `/v1/users/authorize` | Generate a token to authorize an authenticated user | ## Authorize user {#post-authorize} POST /v1/users/authorize -Generate a JSON Web Token (JWT) for a user to use as authorization to access the REST API. +Generates a JSON Web Token (JWT) for a user to use as authorization to access the REST API. The request authentication header must include the relevant username and password. ### Request {#post-request} @@ -29,12 +29,13 @@ Generate a JSON Web Token (JWT) for a user to use as authorization to access the #### Example JSON body - ```json - { - "username": "user@redislabs.com", - "password": "my_password" - } - ``` +The request body is optional unless you want to specify the token's time to live: + +```json +{ + "ttl": +} +``` #### Request headers | Key | Value | Description | @@ -44,7 +45,7 @@ Generate a JSON Web Token (JWT) for a user to use as authorization to access the #### Request body -Include a [JWT authorize object]({{< relref "/operate/rs/references/rest-api/objects/jwt_authorize" >}}) with a valid username and password in the request body. +Optionally include a JSON object in the request body to specify the time to live (`ttl`), which determines the amount of time in seconds the token will be valid. ### Response {#post-response} @@ -52,11 +53,11 @@ Returns a JSON object that contains the generated access token. #### Example JSON body - ```json - { - "access_token": "eyJ5bGciOiKIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXViOjE0NjU0NzU0ODYsInVpZFI1IjEiLCJleHAiOjE0NjU0Nz30OTZ9.2xYXumd1rDoE0edFzcLElMOHsshaqQk2HUNgdsUKxMU" - } - ``` +```json +{ + "access_token": "eyJ5bGciOiKIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXViOjE0NjU0..." +} +``` ### Error codes {#post-error-codes} 
@@ -72,6 +73,6 @@ The following are possible `error_code` values: | Code | Description | |------|-------------| -| [200 OK](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1) | The user is authorized. | -| [400 Bad Request](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1) | The request could not be understood by the server due to malformed syntax. | -| [401 Unauthorized](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2) | The user is unauthorized. | \ No newline at end of file +| [200 OK](https://www.rfc-editor.org/rfc/rfc9110.html#name-200-ok) | The user is authorized. | +| [400 Bad Request](https://www.rfc-editor.org/rfc/rfc9110.html#name-400-bad-request) | The request could not be understood by the server due to malformed syntax. | +| [401 Unauthorized](https://www.rfc-editor.org/rfc/rfc9110.html#name-401-unauthorized) | The user is unauthorized. | \ No newline at end of file From 7d33aa1535ff174004bb1fbdaf0601b934767a8c Mon Sep 17 00:00:00 2001 From: Rachel Elledge Date: Thu, 15 May 2025 11:04:36 -0500 Subject: [PATCH 09/10] Added ttl default, min, and max values to /users/authorize API reference --- .../operate/rs/references/rest-api/requests/users/authorize.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/operate/rs/references/rest-api/requests/users/authorize.md b/content/operate/rs/references/rest-api/requests/users/authorize.md index fe5f5c1648..faf96ee4ca 100644 --- a/content/operate/rs/references/rest-api/requests/users/authorize.md +++ b/content/operate/rs/references/rest-api/requests/users/authorize.md 
@@ -45,7 +45,7 @@ The request body is optional unless you want to specify the token's time to live #### Request body -Optionally include a JSON object in the request body to specify the time to live (`ttl`), which determines the amount of time in seconds the token will be valid. +Optionally include a JSON object in the request body to specify the time to live (`ttl`), which determines the amount of time in seconds the token will be valid. The default `ttl` is `300` seconds. The minimum `ttl` is `1` second and the maximum `ttl` is `86400` seconds. ### Response {#post-response} From ca0d9bb9b1d0f4ac3bd7da3ffedb0e0adcb6cb36 Mon Sep 17 00:00:00 2001 From: Rachel Elledge Date: Thu, 15 May 2025 11:11:01 -0500 Subject: [PATCH 10/10] Fixed another error in /users/authorize breaking changes description --- content/operate/rs/release-notes/rs-7-8-releases/_index.md | 2 +- content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-2-34.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/operate/rs/release-notes/rs-7-8-releases/_index.md b/content/operate/rs/release-notes/rs-7-8-releases/_index.md index b53f93bbd1..447785def2 100644 --- a/content/operate/rs/release-notes/rs-7-8-releases/_index.md +++ b/content/operate/rs/release-notes/rs-7-8-releases/_index.md @@ -79,7 +79,7 @@ Redis Software version 7.8.2 introduces the following breaking changes: - The `POST` method requires users to include their usernames and a current password in the authentication header to generate a JSON Web Token. - - `POST /v1/users/password` generates a token for the user who provides their credentials in the authorization header when sending the requests. + - `POST /v1/users/authorize` generates a token for the user who provides their credentials in the authorization header when sending the requests. - `POST` requests will ignore `username` and `password` parameters provided in the request body. 
diff --git a/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-2-34.md b/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-2-34.md index bbc81ee566..8259c66000 100644 --- a/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-2-34.md +++ b/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-2-34.md @@ -260,7 +260,7 @@ Redis Software version 7.8.2 introduces the following breaking changes: - The `POST` method requires users to include their usernames and a current password in the authentication header to generate a JSON Web Token. - - `POST /v1/users/password` generates a token for the user who provides their credentials in the authorization header when sending the requests. + - `POST /v1/users/authorize` generates a token for the user who provides their credentials in the authorization header when sending the requests. - `POST` requests will ignore `username` and `password` parameters provided in the request body.
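Review bot: In PATCH 01/10, rotate-passwords.md, hunk `@@ -13,7 +13,7 @@`, the rewritten sentence still says "for a database user", while the rest of this commit moves to "your user account" and "your password list". Reword it to match. It would also help to say on this page that `username` in the request body is now ignored and the change applies to whoever authenticates, since that is the behaviour readers have to plan around.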
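Review bot: In PATCH 01/10, rotate-passwords.md, the relref anchors are crossed. The rewritten `PUT /v1/users/password` line in "Replace all passwords" still targets `password#delete-password`, and the unchanged `DELETE /v1/users/password` step targets `password#update-password`. The PUT line is being edited here anyway, so point it at `#update-password` and fix the DELETE step to `#delete-password` in the same commit.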
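Review bot: In PATCH 01/10, rotate-passwords.md, the three `sh` examples (POST, DELETE, PUT) show a method line and a JSON body but not how the credentials are sent, even though the new text makes basic authentication mandatory for each request. The blocks are fenced as `sh` but are not runnable commands. Show the credentials in the example itself, for instance a curl call with `-u` and `-d`, and keep visible placeholders for host, port and password so that `"new_password": ""` is not read as a literal empty string.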
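Review bot: In PATCH 01/10, password.md, the rewritten 200 row of the Delete password status table keeps "Success, new password was deleted from the list of valid passwords." The value removed is the one passed as `old_password`, so drop "new" while the row is being touched.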
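Review bot: In PATCH 02/10, both release-note files say "authentication header" in the first sub-bullet and "authorization header" in the second for the same thing. Pick one term and name the scheme, since rotate-passwords.md calls it basic authentication. The `/v1/users/authorize` group also repeats the `/v1/users/password` sub-bullet verbatim, and that is only corrected across 05/10, 06/10, 07/10 and 10/10, with `_index.md` and `rs-7-8-2-34.md` fixed in different commits. Fold those fixups into this commit so no intermediate revision describes the wrong endpoint.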
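Review bot: In PATCH 03/10, the 401 rows come back with the old w3.org rfc2616 link and are relinked to rfc9110 in 04/10. Squash both into 01/10, which is where the rows were dropped, so the series never documents an endpoint without a 401 while 02/10 promises one. The description "The user is unauthorized." could also say that the credentials in the header are missing or invalid, which is the case the release notes describe.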
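Review bot: In PATCH 08/10, authorize.md, the example request body reads `"ttl":` with no value, which is not valid JSON. Give it a concrete number or a visible placeholder. The Request body section also drops the link to the JWT authorize object page. If that page still lists `username` and `password` as body fields, it needs the same update or it will contradict this one.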
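Review bot: In PATCH 09/10, the added `ttl` sentence gives the default (`300`), minimum (`1`) and maximum (`86400`) but not what the server does with a value outside that range. State whether the request is rejected with `400 Bad Request` or the value is clamped, so clients that ask for long-lived tokens know what they will get back.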