Provide ability to restrict auth tokens to site, access, scope #15368
Labels
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
Enhancement
For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.
triaged
In #6559
I am starting to implement app specific authtokens/passwords.
I started adding some additional features to further increase the security of tokens:
Reporting API
, and/orTracking API
,Widgets
view
orwrite
oradmin
access (but not super user)Of course this way you could create different combination of tokens to lower the risk a lot, eg
This way, even if a tracker gets the token, the scope of what they can do is quite restricted.
It's tricky to implement though. Eg likely we would need to use completely different
Access
class depending on whether user is authenticated through UI, or through token_auth. It me mostly done though by changing maybe the behaviour ofAccess:loadSitesIfNeeded
but not sure. Also we would need to check in various places eg inAPI::index()
whether the token is allowed for the current scope etc.Figured I create separate issue for now to simplify #6559.
The text was updated successfully, but these errors were encountered: