Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature/Extension] Add permission for access create OBO Token endpoint. #3177

Closed
Tracked by #2573
RyanL1997 opened this issue Aug 14, 2023 · 1 comment · Fixed by #3179
Closed
Tracked by #2573

[Feature/Extension] Add permission for access create OBO Token endpoint. #3177

RyanL1997 opened this issue Aug 14, 2023 · 1 comment · Fixed by #3179
Assignees
@RyanL1997
Labels
enhancement New feature or request triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.

Comments

@RyanL1997
Copy link
Collaborator

RyanL1997 commented Aug 14, 2023
edited
Loading

Description
We should alter the update the CreateOnBehalfOfTokenAction which is a RestHandler to use NamedRoutes, which will enforce permissions before the API can be used, permission named to be determined, placeholder, security:user.createOnBehalfOfToken.

Current Design VS Goal
According to the current design (source code), users do not need any permission to access the OBO token creation endpoint: _plugin/_securitty/api/user/onbehalfof. The goal of this issue is to register a specific security permission for accessing this endpoint.
@RyanL1997 RyanL1997 added enhancement New feature or request untriaged Require the attention of the repository maintainers and may need to be prioritized labels Aug 14, 2023
@stephen-crawford
Copy link
Contributor

[Triage] To close this issue, we would need to implement the permission stated in the description in order to access the endpoint for the token creation. This should include unit tests showing that the endpoint required is restricted as expected. @RyanL1997 to add final points.

@stephen-crawford stephen-crawford removed the untriaged Require the attention of the repository maintainers and may need to be prioritized label Aug 14, 2023
@davidlago davidlago added the triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. label Aug 14, 2023
@RyanL1997 RyanL1997 mentioned this issue Aug 16, 2023
Merged
3 tasks
@peternied peternied mentioned this issue Aug 16, 2023
Closed
35 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RyanL1997 RyanL1997

Labels
enhancement New feature or request triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

OnBehalfOf authenticator and token generator RyanL1997/security
3 participants
@davidlago @stephen-crawford @RyanL1997