OPA-01-003: Improve token authentication mode explanation #901
Assignees
Labels
Comments
tsandall
changed the title
tsandall
changed the title
tsandall
added a commit
to tsandall/opa
that referenced
this issue
Sep 4, 2018
With these changes, the identity will be undefined if a token is not specified. This is less surprising than the empty string that would be set prior to these changes. Fixes open-policy-agent#901 Signed-off-by: Torin Sandall <torinsandall@gmail.com>
tsandall
added a commit
that referenced
this issue
Sep 4, 2018
With these changes, the identity will be undefined if a token is not specified. This is less surprising than the empty string that would be set prior to these changes. Fixes #901 Signed-off-by: Torin Sandall <torinsandall@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The security page describes how to configure authentication and authorization when OPA is running as a daemon.
Currently, if
tokenauthentication is enabled, OPA still processes requests that are missing a bearer token. To validate bearer tokens, users must implement an authorization policy.We should improve the security docs to explain that both authentication and authorization must be used with the
tokenauthentication scheme.The text was updated successfully, but these errors were encountered: