Support new CreateToken API/allow setting custom scope

[NiklasRosenstein]

Is your feature request related to a problem? Please describe.

The old Create Token API that is used by ArtifactorySecurity.create_access_token() is deprecated: https://jfrog.com/help/r/jfrog-rest-apis/delete-group?tocId=2_OrHvmQlC6dtFFR8F9i3w

Describe the solution you'd like

Add support for or use the new Create Token API instead: https://jfrog.com/help/r/jfrog-rest-apis/create-token

Additional context

We ran into an issue today where all the tokens generated with pyartifactory didn't actually have any permissions. It seems the "scope" value of the deprecated API endpoint expects the format of the new endpoint (e.g. "applied-permissions/user" is what we're using now after monkey-patching pyartifactory).

[anancarv]

Thanks for pointing it out @NiklasRosenstein . I'll update that feature ASAP

[NiklasRosenstein]

Thanks @anancarv !

FYI, this is how I worked around it for now:

def create_access_token(
    self: ArtifactorySecurity,
    user_name: str,
    expires_in: int = 3600,
    refreshable: bool = False,
    groups: list[str] | None = None,
) -> AccessTokenModel:
    """
    A variation of #ArtifactorySecurity.create_access_token() that passes the correct "scope".
    """

    payload = {
        "username": user_name,
        "expires_in": expires_in,
        "refreshable": refreshable,
    }
    payload.update({"scope": "applied-permissions/user"})
    response = self._post(f"api/{self._uri}/token", data=payload, raise_for_status=False)
    if response.ok:
        return AccessTokenModel(**response.json())
    raise InvalidTokenDataException(response.json().get("error_description", "Unknown error"))


ArtifactorySecurity.create_access_token = create_access_token  # type: ignore[method-assign]

That being said, JFrog did acknowledge that this as a bug in the old endpoint that was recently introduced: