Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SecurityToken Auth works per default without enabeling it in de Management UI #1066

Closed
MrMedTech opened this issue Jan 8, 2021 · 1 comment · Fixed by #1074
Closed

SecurityToken Auth works per default without enabeling it in de Management UI #1066

MrMedTech opened this issue Jan 8, 2021 · 1 comment · Fixed by #1074
Labels
bug

Comments

@MrMedTech
Copy link

Hi,
I use Hawkbit for the first time and in an explorative way.
Reading the docs, one should enable the usage of security token in the Authentication Configuration in the system config.
In my case, this flow works without enabeling it.
Is that a default behaviour right now?
Because in the docs it is explicitly menioned that this feature has to be enabled.
@schabdo
Copy link
Contributor

schabdo commented Jan 22, 2021

I double-checked behaviour and you're right. Currently it's possible to send a valid target token header even the setting is not enabled by default. However as soon as you enable/disable it within the UI everything is working as expected. I'll provide a fix for that asap ...

@schabdo schabdo added bug and removed question labels Jan 22, 2021
@schabdo schabdo mentioned this issue Jan 22, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Do not accept valid token headers by default bosch-io/hawkbit
2 participants
@schabdo @MrMedTech