-
Notifications
You must be signed in to change notification settings - Fork 180
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor proxy request authentication #4401
Comments
9 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In #4374 the request authentication was refactored but this solution is still not very clean.
Before that PR the authentication logic had many implicit behaviors e.g. unauthenticated requests were still forwarded and reva has it's own authentication handler which is why this worked.
But the clean way would be to explicitly handle the authentication in the proxy service and only forward the requests when they were successfully authenticated or when the request is made to "unprotected" paths.
One way to do that would be to add an "unprotected" flag to the proxy routes. Then we would need to route the request before invoking the authentication middleware so that we get the extra information into the context.
The text was updated successfully, but these errors were encountered: