You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It would be great if we could specify a cookie name for KeyLookup in the KeyAuth middleware config.
This way a user could pass the key credentials via a cookie, whereas now it is restricted to http headers, query params, and form fields.
Disclaimer: There might be good - security-related - reasons not to do this.
Checklist
Dependencies installed
No typos
Searched existing issues and docs
Expected behaviour
I can specify
KeyLookup: "cookie:<name>"
when defining KetAuthWithConfig, so the middleware reads the key from a cookie.
Issue Description
It would be great if we could specify a cookie name for KeyLookup in the KeyAuth middleware config.
This way a user could pass the key credentials via a cookie, whereas now it is restricted to http headers, query params, and form fields.
Disclaimer: There might be good - security-related - reasons not to do this.
Checklist
Expected behaviour
I can specify
when defining KetAuthWithConfig, so the middleware reads the key from a cookie.
e.g.:
Actual behaviour
Currently only following KeyLookup methods are allowed
Steps to reproduce
n.A.
Working code to debug
n.A.
Version/commit
v4.3.0/7846e3f
The text was updated successfully, but these errors were encountered: