On Mon, 2016-02-01 at 13:24 -0800, milki milk wrote: > > The security part comes in when you fetch an arbitrary user's key
I never ever said fetch an *arbitrary* user's key. I said a job run as user Bob would fetch the key of the user (again, Bob) who ran it, who has to be already logged into Jenkins (again, as Bob) to even run the job. So it's absolutely no different from you logging into Jenkins, and going to your user/USERNAME/ page and fetching your key. > Fetching the current user's api key doesn't seem to have a REST API > equivalent. Yeah. That was the conclusion I was coming to. > Right now, I just scrape the user's configure page - > /user/USERNAME/configure - and look for the pattern -- > name="\_\.apiToken"[^>]+value="(\w+?)". I guess that's one way. Cheers, b. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/1454363076.10065.41.camel%40interlinx.bc.ca. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: This is a digitally signed message part
