User tokens provide a way to interact with Foundries.io APIs. Tokens allow users to access:
- REST APIs. Access is granted by passing the HTTP header
- Git repositories. Access is granted by passing a token as the password to Git clone and fetch operations.
- Factory containers. Access is granted by passing a token as the password to docker login hub.foundries.io.
- Fioctl uses Application Credentials for OAuth2 access to APIs.
All tokens are created with scopes to help limit what they can do.
Some common scopes users may find handy include:
- source:read-update - Useful for Git.
- targets:read, devices:read, ci:read - read-only access for fioctl or REST API
- targets:read-update, devices:read-update, ci:read - read-update access for fioctl.
- containers:read - Useful for running docker commands on factory containers.
Scopes define what resources a given token may perform operations on. The following scopes are supported:
- Can perform git clone/fetch/pull operations.
- Can perform git push operations.
- Can delete a reference (git push --delete …) and force-push (git push -f).
- Can create new references (tags and branches).
- Can docker pull.
- Can docker push.
- Can access CI builds https://api.foundries.io/projects/<factory>/lmp/.
- This isn’t needed normally because source:read-update triggers CI. However, certain custom use cases that trigger CI builds via https://api.foundries.io/projects/<factory>/lmp/builds/ can use this.
- Can view device(s) https://api.foundries.io/ota/devices/.
- Can update configuration on a device https://api.foundries.io/ota/devices/<device>/config/
- Can create a device (lmp-device-register with an API token).
- Can delete a device https://api.foundries.io/ota/devices/<device>/
- Can view targets.json https://api.foundries.io/ota/factories/<factory>/targets/.
- Can update targets.json https://api.foundries.io/ota/factories/<factory>/targets/.
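
An added example (not Foundries.io code) of auditing tokens for least privilege: it compares the scopes on a token with the common-scope sets listed earlier on this page and reports what is missing and what is excess. The profile names, the token inventory, and the rule that read-update also permits read are assumptions made for illustration.

```python
# Added example, not Foundries.io code: least-privilege audit of token scopes.
# Profiles are the "common scopes" sets listed on this page; keys are made up.
PROFILES = {
    "git": {"source:read-update"},
    "fioctl-readonly": {"targets:read", "devices:read", "ci:read"},
    "fioctl-update": {"targets:read-update", "devices:read-update", "ci:read"},
    "docker": {"containers:read"},
}


def parse_scope(scope):
    """Split 'resource:level'; reject strings that are not in that shape."""
    resource, sep, level = scope.strip().partition(":")
    if not sep or not resource or not level:
        raise ValueError(f"malformed scope: {scope!r}")
    return resource, level


def covers(granted, needed):
    """True if `granted` satisfies `needed`.
    ASSUMPTION: 'read-update' on a resource also permits 'read' on it."""
    g_res, g_lvl = parse_scope(granted)
    n_res, n_lvl = parse_scope(needed)
    return g_res == n_res and (
        g_lvl == n_lvl or (g_lvl == "read-update" and n_lvl == "read"))


def audit(token_scopes, use_case):
    """Return (missing, excess) for a token intended for `use_case`."""
    granted = {s.strip() for s in token_scopes}
    for s in granted:            # validate everything before comparing
        parse_scope(s)
    needed = PROFILES[use_case]
    missing = sorted(n for n in needed
                     if not any(covers(g, n) for g in granted))
    # Anything not exactly required is excess, including a broader level
    # (read-update) granted where the profile only asks for read.
    excess = sorted(g for g in granted if g not in needed)
    return missing, excess


# Constructed token inventory: (label, intended use, scopes on the token).
INVENTORY = [
    ("ci-git-bot", "git", ["source:read-update", "devices:read-update"]),
    ("dashboard", "fioctl-readonly", ["targets:read-update", "devices:read", "ci:read"]),
    ("registry-pull", "docker", ["containers:read"]),
]

if __name__ == "__main__":
    for label, use, scopes in INVENTORY:
        print(label, use, audit(scopes, use))
```

A token with a non-empty excess list is a candidate for re-issuing with only the scopes its use case needs.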