pocesar/node-jsonrpc2

Support for different types of authorization (Bearer, Cookie etc.)

colceagus opened this issue · 8 comments

Hello @pocesar,

We would like to be able to specify different types of authorization, like Bearer Token or Cookie. How can we specify these types of authentication headers in the current implementation?

I would like to see this kind of feature as soon as possible. I am willing to contribute by creating a pull request, if I have your approval to start the feature.

Awaiting your response!

Kind Regards,
Daniel.

hello @danielmihai, PRs are welcome! does JSON-RPC 2.0 have a clear way to do this, or is it a 'roll your own' solution, like the current user/password auth?

Hi @pocesar

I haven't started working on the pull request yet. I think I'll try doing it on Sunday. I made a pull request code review for #25.

I was thinking of having a simpler approach to setting Authorization.

The first one is by writing and exposing a general 'set' function for the headers, where the user can set their own headers (which can be marked as an improvement/feature).

The second one is by having algorithm-specific functions for setting the authorization headers, as in .basic(username, password) or .jwt(jwttoken). Each of these approaches does not introduce breaking changes.

The one that includes breaking changes is by passing an authOptions object to the client constructor, in which we specify the auth type (i.e. basic, bearer/jwt, digest etc.) together with each auth method's parameters (i.e. username and password; token etc.).

Consider one of these suggestions, and communicate which one is more appropriate for your development plan, so I can make a first pull request.

Thanks,
Daniel :)
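
The second approach from the comment above (scheme-specific methods such as .basic(username, password) and .jwt(token)), together with the matching server-side header parsing, shown as an added example that is not part of this thread or of node-jsonrpc2's code. The names `AuthHeaders`, `parseAuthorization` and `safeEqual` are hypothetical, and the credentials are constructed sample values.

```javascript
// Added example: hypothetical helper, not node-jsonrpc2's API.
const { timingSafeEqual } = require('node:crypto');

// Client side: one method per scheme, each returning `this` so calls chain.
class AuthHeaders {
  constructor() { this.headers = {}; }
  basic(username, password) {
    // RFC 7617: the user-id must not contain ':' or the server splits it wrongly.
    if (username.includes(':')) throw new Error('username must not contain ":"');
    const b64 = Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
    this.headers.Authorization = `Basic ${b64}`;
    return this;
  }
  jwt(token) {
    // Allow only token68 characters, so CR/LF or spaces can never reach the header.
    if (!/^[A-Za-z0-9._~+\/=-]+$/.test(token)) throw new Error('malformed token');
    this.headers.Authorization = `Bearer ${token}`;
    return this;
  }
}

// Server side: split "<scheme> <credentials>"; scheme names are case-insensitive.
function parseAuthorization(value) {
  const m = /^([A-Za-z]+) +(\S+)$/.exec(value || '');
  if (!m) return null;
  const scheme = m[1].toLowerCase();
  if (scheme === 'bearer') return { scheme, token: m[2] };
  if (scheme !== 'basic') return null; // unsupported scheme
  const decoded = Buffer.from(m[2], 'base64').toString('utf8');
  const i = decoded.indexOf(':'); // split on the first ':'; the password may contain more
  if (i < 0) return null;
  return { scheme, username: decoded.slice(0, i), password: decoded.slice(i + 1) };
}

// Constant-time comparison; lengths are checked first because
// timingSafeEqual throws when the buffers differ in length.
function safeEqual(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && timingSafeEqual(x, y);
}

// Constructed sample credentials, round-tripped client -> server.
const sent = new AuthHeaders().basic('alice', 'p:ss').headers.Authorization;
const got = parseAuthorization(sent);
console.log(sent, got, safeEqual(got.password, 'p:ss'));
```
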

I think the second way is clearer, and it may pave the path to further authorizations with backwards compatibility

I managed to write the client part. do you want to submit an early pull request to have a better review in the long term?

up to you :)
I won't mind waiting for the whole thing

finished writing the server authorization part.

tests and documentation remain.

examples later ... for jwt and cookie we have to integrate a middleware or a standalone server for authorization (i.e. Keycloak).

sorry for the late reply, I was caught. just made the time to write the server.

Hi @pocesar

I finished writing the tests. What do I do about the Readme and the Examples?

Write them after reviewing the current code (meaning I will create a pull request right away, after your comment on this one)?

Thanks,
Daniel.

updated readme with usage (by examples).

we should see if other examples should be written in the examples folder.

creating pull request...