diff --git a/awxkit/awxkit/cli/docs/source/authentication.rst b/awxkit/awxkit/cli/docs/source/authentication.rst index 08dcf2feb117..ec1ee0329be6 100644 --- a/awxkit/awxkit/cli/docs/source/authentication.rst +++ b/awxkit/awxkit/cli/docs/source/authentication.rst @@ -3,65 +3,7 @@ Authentication ============== -Generating a Personal Access Token ----------------------------------- - -The preferred mechanism for authenticating with AWX and |RHAT| is by generating and storing an OAuth2.0 token. Tokens can be scoped for read/write permissions, are easily revoked, and are more suited to third party tooling integration than session-based authentication. - -|prog| provides a simple login command for generating a personal access token from your username and password. - -.. code:: bash - - CONTROLLER_HOST=https://awx.example.org \ - CONTROLLER_USERNAME=alice \ - CONTROLLER_PASSWORD=secret \ - awx login - -As a convenience, the ``awx login -f human`` command prints a shell-formatted token -value: - -.. code:: bash - - export CONTROLLER_OAUTH_TOKEN=6E5SXhld7AMOhpRveZsLJQsfs9VS8U - -By ingesting this token, you can run subsequent CLI commands without having to -specify your username and password each time: - -.. code:: bash - - export CONTROLLER_HOST=https://awx.example.org - $(CONTROLLER_USERNAME=alice CONTROLLER_PASSWORD=secret awx login -f human) - awx config - -Working with OAuth2.0 Applications ----------------------------------- - -AWX and |RHAT| allow you to configure OAuth2.0 applications scoped to specific -organizations. To generate an application token (instead of a personal access -token), specify the **Client ID** and **Client Secret** generated when the -application was created. - -.. code:: bash - - CONTROLLER_USERNAME=alice CONTROLLER_PASSWORD=secret awx login \ - --conf.client_id --conf.client_secret - - -OAuth2.0 Token Scoping ----------------------- - -By default, tokens created with ``awx login`` are write-scoped. To generate -a read-only token, specify ``--scope read``: - -.. code:: bash - - CONTROLLER_USERNAME=alice CONTROLLER_PASSWORD=secret \ - awx login --conf.scope read - -Session Authentication ----------------------- -If you do not want or need to generate a long-lived token, |prog| allows you to -specify your username and password on every invocation: +To authenticate to AWX, include your username and password in each command invocation as shown in the following examples: .. code:: bash