A "who am I" API endpoint #5932

Open
himdel opened this issue Oct 24, 2024 · 1 comment

himdel commented Oct 24, 2024

Is your feature request related to a problem? Please describe.

There doesn't seem to be a way to query the API to answer the question of "am I logged in" and "who am I logged in as", and how?

Describe the solution you'd like

This could (but doesn't have to) be modelled after the galaxy_ng _ui/v1/me endpoint (https://galaxy.ansible.com/api/_ui/v1/me/), but the required fields would seem to be:

  • user id/href - anything unique that can be used to query the users endpoint when needed
    • (bonus: include the user object)
  • username, first name, last name, email - to show who the user is, username is a minimum, but with full name and email, we can show full names and support gravatar user icons too
  • auth provider - optional, would be nice to be able to tell the user if they're logged in using basic auth, cookies, external sso...
  • permissions? - optional, pulp may already have ways to query user's global permissions?
    • (probably not relevant in the first pass, but we could use something like that to disable nav items / actions when not available)
    • (is there a superadmin concept? Is there a restricted login / anonymous user concept? anything like that that we should know about?)

A minimal response could be:

  • 200 OK - { username: "joe", id: 123 } - when logged in
  • 401/403 - when not logged in (or a 200 with a null object?)

Describe alternatives you've considered

The alternative seems to be sticking to http basic auth only (in which case the ui knows what username it's sending),
or not telling users who they're logged in as.

(Currently, with basic auth, the UI is querying the roles/ API and discarding the response to determine if credentials are valid.)

Additional context

The current use case is pulp-ui, in order to support SSO auth, or even cookie auth using the /auth/login/ login screen, we need to be able to tell if we're logged in, and who as.
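
An added example, not part of the original issue and not pulp or pulp-ui code: one way a UI client could interpret the minimal response proposed above, treating anything other than a well-formed 200 as not authenticated. The function names and the `url` parameter are hypothetical; the issue does not define an endpoint path.

```javascript
// Added example. Classifies a "who am I" response following the minimal
// contract proposed in the issue: 200 + {username, id}, 401/403, or 200 + null.
const ANONYMOUS = Object.freeze({ state: 'anonymous', user: null });

function interpretWhoAmI(status, body) {
  // 401/403: the issue's "not logged in" case.
  if (status === 401 || status === 403) return ANONYMOUS;

  if (status === 200) {
    // The alternative floated in the issue: 200 with a null object.
    if (body === null) return ANONYMOUS;

    // Require the minimal fields (username, id) before showing a session.
    const ok = typeof body === 'object' && !Array.isArray(body) &&
      typeof body.username === 'string' && body.username.length > 0 &&
      (typeof body.id === 'number' || typeof body.id === 'string');
    if (ok) {
      return {
        state: 'authenticated',
        user: { id: body.id, username: body.username },
      };
    }
    return { state: 'error', user: null, reason: 'malformed identity payload' };
  }

  // 5xx, an HTML SSO page, etc.: unknown, never treated as logged in.
  return { state: 'error', user: null, reason: `unexpected status ${status}` };
}

// Hypothetical wrapper: `url` is a placeholder supplied by the caller.
async function whoAmI(url, fetchImpl = fetch) {
  const res = await fetchImpl(url, {
    credentials: 'include', // send the session cookie, if any
    headers: { Accept: 'application/json' },
  });
  let body = null;
  if (res.status === 200) {
    try {
      body = await res.json();
    } catch {
      // A 200 that is not JSON (e.g. a login page) is not an identity.
      return interpretWhoAmI(200, undefined);
    }
  }
  return interpretWhoAmI(res.status, body);
}
```

The `error` state is kept separate from `anonymous` so the UI can distinguish "not logged in" from "could not determine" without ever displaying a session it has not confirmed.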

@mdellweg
Member

We should take a look if this is already provided by drf or django.contrib.auth.
