Origin is validated before credentials in auth process #1568
Comments
I feel like I'm missing something in this issue. The authentication happens only after all the checks have passed, regardless of their order
What I mean is that we have 2 steps:
What I'm trying to do here is stack the validations in that order. The current validations are
Currently, our authentication process is as follows (at a high level):
authenticate
permissions on the webservicerestricted_to
policy entity).new_token: create a new Conjur access token
We should replace the order from:
to:
The security and origin validations are similar, as in both we verify that the user can authenticate with Conjur. So it makes sense to first validate that the user can authenticate with Conjur, before we actually authenticate it.
This change will improve the readability of our code as its logic will make more sense.
Furthermore, the origin validation is very quick so we don't want to fail on it after we perform heavy validations of the credentials.
DoD:
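The ordering proposed in this issue, sketched as an added example that is not part of the original issue or Conjur's code; the class, method names, policy data and token are hypothetical. It records which steps run, so a request from a disallowed origin can be seen to fail before the heavy credential validation is ever invoked.

```ruby
require "ipaddr"
require "securerandom"

class AuthError < StandardError; end

# Hypothetical request shape and constructed policy data (not Conjur's own).
AuthRequest = Struct.new(:role, :origin_ip, :credentials, keyword_init: true)
PERMITTED_ROLES = ["host/app-1", "host/app-2"].freeze
RESTRICTED_TO = { "host/app-1" => [IPAddr.new("10.0.0.0/24")] }.freeze

class Authenticator
  attr_reader :calls # records which steps ran, in order

  # credential_check: callable standing in for the heavy credential validation
  def initialize(credential_check)
    @credential_check, @calls = credential_check, []
  end

  # Cheap "may this user authenticate at all?" checks run before credentials.
  def authenticate(req)
    validate_security(req)
    validate_origin(req)
    validate_credentials(req)
    new_token
  end

  private

  def validate_security(req)
    @calls << :security
    raise AuthError, "role not permitted" unless PERMITTED_ROLES.include?(req.role)
  end

  def validate_origin(req)
    @calls << :origin
    networks = RESTRICTED_TO.fetch(req.role, [])
    return if networks.empty? # no restricted_to defined for this role
    ip = IPAddr.new(req.origin_ip)
    raise AuthError, "origin not allowed" unless networks.any? { |net| net.include?(ip) }
  rescue IPAddr::Error
    raise AuthError, "origin not allowed" # unparsable origin fails closed
  end

  def validate_credentials(req)
    @calls << :credentials
    raise AuthError, "invalid credentials" unless @credential_check.call(req)
  end

  def new_token
    @calls << :new_token
    SecureRandom.hex(16) # placeholder token, not Conjur's token format
  end
end
```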