Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: HTTP Bearer Authorization for simple use cases #193

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

robbat2
Copy link

@robbat2 robbat2 commented Jan 7, 2024

Add support for HTTP Bearer Authorization for simple use cases, where HTTP Basic might not fit workflows.

Signed-off-by: Robin H. Johnson robbat2@gentoo.org

@SuperQ
Copy link
Member

SuperQ commented Jan 7, 2024

I wonder if we should support arbitrary headers, rather than specifically one kind of bearer token. The reason we have the basic auth here is because there's some standard encoding involved. Authorization: Bearer xxxx is a simple opaque string.

@SuperQ SuperQ requested review from roidelapluie and SuperQ January 7, 2024 13:28
@robbat2
Copy link
Author

robbat2 commented Jan 7, 2024

I actually started considering other auth to add, including HTTP Digest (which also needs special handling like Basic)

For your proposal, it would be match header to accept:

match_header:
  authorization:
    - "Bearer foo"
    - "FakeAuth value2"
  x-random-stuff:
    - "abc123"

@SuperQ
Copy link
Member

SuperQ commented Jan 8, 2024

Some work on Digest auth was being done over in the common package.

prometheus/common#553

Add support for HTTP Bearer Authorization for simple use cases, where
HTTP Basic might not fit workflows.

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
@robbat2
Copy link
Author

robbat2 commented Jan 10, 2024

@SuperQ hmm, reading that, I realize there is more auth support in common already that not being exposed in toolkit; should I include that in this PR?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants