Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bindle server auth: support requiring auth for all request types #310

Open
vdice opened this issue Feb 23, 2022 · 2 comments
Open

Bindle server auth: support requiring auth for all request types #310

vdice opened this issue Feb 23, 2022 · 2 comments

Comments

@vdice
Copy link
Member

vdice commented Feb 23, 2022
edited
Loading

Currently, GET requests to a bindle server with auth configured (say, basic http or oidc) appear to always be served, meaning anonymous auth is still possible for these request types.

I think it would be useful to allow configuration in the server to restrict all request types (including GETs) to requiring auth creds per the auth strategy the server is running with. Assuming we want to maintain the default of anonymous GETs, perhaps this would be an opt-in configuration/toggle.
@vdice
Copy link
Member Author

vdice commented Feb 24, 2022

@thomastaylor312 or is it already possible today to configure a bindle server to mandate that all requests be authenticated?

@thomastaylor312
Copy link
Contributor

Not with how it is currently setup. We'll need to add a new Authorization implementation that checks if the user is authenticated. Should be a fairly simple code add, but then we need to add yet another branch to the match statement of doom in the server CLI code

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@thomastaylor312 @vdice