Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider authenticating the server API #4

Open
runcom opened this issue Nov 6, 2024 · 1 comment
Open

Consider authenticating the server API #4

runcom opened this issue Nov 6, 2024 · 1 comment

Comments

@runcom
Copy link
Contributor

runcom commented Nov 6, 2024

This can be as simple as having a flag on the server command for an api-key - that's shared with whoever is managing the client side as well. Except for DI, any other management task would benefit from the added security. Any reason why this should not be implemented? I'm happy to help here as well.
@ben-krieger
Copy link
Member

A PR related to auth is welcome. This is meant to be an opinionated server implementation (as opposed to the example in the go-fdo library repo), so one or more options (mTLS, OIDC, etc.) can be supported in this server, as needed. If the number of options grow, we should probably designate maintainers.

@ben-krieger ben-krieger mentioned this issue Feb 26, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@runcom @ben-krieger