Updated by Parimal Satyal about 1 year ago
**As** an administrator
**I want to** set up system-level tokens
**so that** I can use them as authentication in my SCIM client to provide it access to the OpenProject SCIM server API.
**Acceptance criteria**
* System-level tokens function similarly to personal access tokens but are associated with a designated system user.
* There is a dedicated menu entry for system-level bearer tokens at /admin/settings/authentication
* Administrators can create, name, and manage these tokens when editing an OAuth application.
* Tokens have a name and are limited to specific scopes.
* The available scopes are api\_v3, bcf\_v2\_1 and scim\_v2. At least one scope needs to be selected.
* Tokens can be set as valid for 1 day, 7 days, 1 month, 3 months or 1 year. (1 year is the default)
* After creation, the token will be visible only once.
* Multiple active system-level tokens can exist simultaneously.
* Administrators can delete individual tokens through an available menu action.
* This will trigger a [Danger dialog with confirmation](https://qa.openproject-edge.com/lookbook/pages/components/danger_dialog) (Text in Figma)
* Expired tokens should have a label called expired
* Expired tokens should be invalid when using them against the API
<br>
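
The token lifecycle from the acceptance criteria above, sketched in Ruby as an added example (not OpenProject's code). The class and method names, the 30/90/365-day lengths for months and years, and storing only a SHA-256 digest so the plaintext is available once are assumptions.

```ruby
require "securerandom"
require "digest"

# Hypothetical model of the acceptance criteria; not OpenProject's implementation.
class SystemApiTokens
  SCOPES = %w[api_v3 bcf_v2_1 scim_v2].freeze
  DAY = 86_400
  # Validity choices from the criteria; month and year lengths in days are assumptions.
  VALIDITY = { "1 day" => DAY, "7 days" => 7 * DAY, "1 month" => 30 * DAY,
               "3 months" => 90 * DAY, "1 year" => 365 * DAY }.freeze

  Record = Struct.new(:name, :scopes, :expires_at)

  def initialize
    @records = {} # SHA-256 digest of token => Record; the plaintext is never stored
  end

  # Returns the plaintext token; this is the only time it is available.
  def create(name:, scopes:, validity: "1 year", now: Time.now)
    scopes = Array(scopes).uniq
    raise ArgumentError, "at least one scope is required" if scopes.empty?
    raise ArgumentError, "unknown scope" unless (scopes - SCOPES).empty?
    ttl = VALIDITY.fetch(validity) { raise ArgumentError, "unsupported validity" }

    plaintext = SecureRandom.urlsafe_base64(32)
    @records[digest(plaintext)] = Record.new(name, scopes, now + ttl)
    plaintext
  end

  # True only for a known, unexpired token that carries the required scope.
  def authorized?(bearer, required_scope, now: Time.now)
    record = @records[digest(bearer.to_s)]
    !record.nil? && now < record.expires_at && record.scopes.include?(required_scope)
  end

  # Drives the "expired" label: the token stays listed but no longer authenticates.
  def expired?(name, now: Time.now)
    @records.values.any? { |r| r.name == name && now >= r.expires_at }
  end

  def delete(name)
    @records.reject! { |_, r| r.name == name }
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end
```
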
**Notes**
* Naming: **System API token**
**Technical Notes**
* Use one OAuth application for all system-level tokens and set the scope on a per-token basis.
**Permissions and visibility considerations**
* Only accessible to administrators.
* Only available when the Enterprise plan Corporate is active. (tbc)
**Out of scope**
* Send an email to admins when a system-level token is expiring soon. (Needs to be specified in a new FEATURE)
<br>