Protecting REST endpoints with access tokens and/or JWTs #77
Assignees
Milestone
Comments
leticiawanderley
pushed a commit
to leticiawanderley/reana-server
that referenced
this issue
Jul 3, 2019
Closes reanahub#77 Signed-off-by: leticia <leticia.farias.wanderley@cern.ch>
leticiawanderley
pushed a commit
to leticiawanderley/reana-server
that referenced
this issue
Jul 3, 2019
Closes reanahub#77 Signed-off-by: leticia <leticia.farias.wanderley@cern.ch>
leticiawanderley
pushed a commit
to leticiawanderley/reana-server
that referenced
this issue
Jul 4, 2019
Closes reanahub#77 Signed-off-by: leticia <leticia.farias.wanderley@cern.ch>
leticiawanderley
pushed a commit
to leticiawanderley/reana-server
that referenced
this issue
Jul 4, 2019
Closes reanahub#77 Signed-off-by: leticia <leticia.farias.wanderley@cern.ch>
leticiawanderley
pushed a commit
to leticiawanderley/reana-server
that referenced
this issue
Jul 8, 2019
Closes reanahub#77 Signed-off-by: leticia <leticia.farias.wanderley@cern.ch>
leticiawanderley
pushed a commit
to leticiawanderley/reana-server
that referenced
this issue
Jul 8, 2019
Closes reanahub#77 Signed-off-by: leticia <leticia.farias.wanderley@cern.ch>
leticiawanderley
pushed a commit
to leticiawanderley/reana-server
that referenced
this issue
Jul 9, 2019
Closes reanahub#77 Signed-off-by: leticia <leticia.farias.wanderley@cern.ch>
leticiawanderley
pushed a commit
to leticiawanderley/reana-server
that referenced
this issue
Jul 10, 2019
Closes reanahub#77 Signed-off-by: Leticia Farias Wanderley <leticia.farias.wanderley@cern.ch>
leticiawanderley
pushed a commit
to leticiawanderley/reana-server
that referenced
this issue
Jul 10, 2019
Closes reanahub#77 Signed-off-by: Leticia Farias Wanderley <leticia.farias.wanderley@cern.ch>
leticiawanderley
pushed a commit
to leticiawanderley/reana-server
that referenced
this issue
Jul 10, 2019
Closes reanahub#77 Signed-off-by: Leticia Farias Wanderley <leticia.farias.wanderley@cern.ch>
leticiawanderley
pushed a commit
to leticiawanderley/reana-server
that referenced
this issue
Jul 24, 2019
Closes reanahub#77 Signed-off-by: Leticia Farias Wanderley <leticia.farias.wanderley@cern.ch>
|
Closed by #160. We use the session cookie for browser clients and tokens for CLI clients. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The endpoints that will be queried from the UI will require a valid JWT, which is provided when a user logs in with a valid username (email) and password (access token for now).
Currently, these endpoints are expecting an access token. In order to maintain both methods, we would need to identify the origin of the requests: UI -> JWT, API -> access token.
... Or we could even consider dropping the access tokens entirely, and add a
reana-client login --email ... --password ...command (relevant auth0.com blog post).There are a few challenges here, one I can see, would be passing a JWT in the openapi requests (which is possible), another would be finding an elegant way of storing the JWT on the user machine after it is attained (we could perhaps show a
#export JWT=....message similar toreana-cluster env).The text was updated successfully, but these errors were encountered: