ability to set a default bearer token #556
Codecov Report
@@ Coverage Diff @@
## main #556 +/- ##
==========================================
- Coverage 27.02% 27.00% -0.02%
==========================================
Files 48 53 +5
Lines 5832 5928 +96
==========================================
+ Hits 1576 1601 +25
- Misses 3973 4044 +71
Partials 283 283
I think we should do the introspection approach that was introduced in https://github.com/TBD54566975/ssi-service/pull/369/files (see the introspect middleware). We can separate that out into a single PR.
Integrating with an existing authorization server is how I expect production deployments to work.
I like this approach but would suggest that we pause on auth until we have a (light) SIP in place that goes over options and examples.
@andresuribe87 yeah I like that - what we want to be careful of is shipping without something default on (as it will come back to bite) and default means assuming something pretty basic (but yeah a rel prod will integrate with many things).
cc @mistermoe @bradleydwyer if needed can easily add in
I believe this should be merged, but since docs have shifted, @michaelneale can you move the README additions to a new piece of service documentation here on auth?
@decentralgabe yep working on it...
@@ -118,6 +118,7 @@ func setUpEngine(cfg config.ServerConfig, shutdown chan os.Signal) *gin.Engine { | |||
gin.Recovery(), | |||
gin.Logger(), | |||
middleware.Errors(shutdown), | |||
middleware.AuthMiddleware(), |
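Review bot: `middleware.AuthMiddleware()` is registered on the engine-wide chain in `setUpEngine` with no arguments, so it applies to every route on this engine and its configuration is not visible at the call site. Since `cfg config.ServerConfig` is already in scope here, consider passing the token (or an explicit enabled flag) from `cfg` rather than letting the middleware look up its own setting, and add a comment on this line stating what happens when no token is configured. Keeping it after `gin.Logger()` is sensible, because rejected requests then still appear in the request log.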
I think we want to comment this out
nice
@decentralgabe ok to merge?
Overview
Allow ability to have Bearer token optionally.
Description
By setting an AUTH_TOKEN, API calls can be checked against a bearer token.
How Has This Been Tested?
A new test case for default behavior has been added.
References
https://github.com/zalando/gin-oauth2
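
An added example, not code from this PR or from the ssi-service project: a sketch of an optional static bearer-token check in Go using only `net/http` (the PR itself wires a gin middleware). `BearerAuth`, `statusFor` and the token value are constructed for illustration, and it assumes that an empty token means the check is switched off, as with an unset AUTH_TOKEN.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// BearerAuth wraps next with a static bearer-token check (hypothetical helper).
// Assumption: an empty token means auth is switched off, as with an unset AUTH_TOKEN.
func BearerAuth(token string, next http.Handler) http.Handler {
	if token == "" {
		return next
	}
	want := sha256.Sum256([]byte(token))
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		scheme, presented, ok := strings.Cut(r.Header.Get("Authorization"), " ")
		// Hash both sides so the constant-time compare always sees equal lengths.
		got := sha256.Sum256([]byte(presented))
		match := subtle.ConstantTimeCompare(got[:], want[:]) == 1
		if !ok || !strings.EqualFold(scheme, "Bearer") || !match {
			w.Header().Set("WWW-Authenticate", `Bearer realm="api"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one in-memory request and returns the response status code.
func statusFor(h http.Handler, authorization string) int {
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	if authorization != "" {
		req.Header.Set("Authorization", authorization)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	api := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprintln(w, "ok") })
	secured := BearerAuth("constructed-token", api) // in a deployment: os.Getenv("AUTH_TOKEN")
	fmt.Println(statusFor(secured, "Bearer constructed-token"), statusFor(secured, "Bearer wrong"),
		statusFor(secured, ""), statusFor(BearerAuth("", api), ""))
}
```

Because the empty-token case leaves every route open, a deployment that relies on this default should log clearly at startup when no token is configured.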