Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reorganize authentication handling to reflect initial design #16

Open
splatch opened this issue Jan 9, 2021 · 0 comments
Open

Reorganize authentication handling to reflect initial design #16

splatch opened this issue Jan 9, 2021 · 0 comments
Assignees
@splatch

Comments

@splatch
Copy link
Contributor

splatch commented Jan 9, 2021

Currently core.auth module contains bunch of implementations which should go to core.auth.core. I am sure that handling of apitoken is essential, yet it should be a separate module and separate credential type.

Also present state of auth handling breaks primary principle from times it was first designed where there was:

  1. Credential Extractor (a context specific type which is responsible for sourcing auth information)
  2. Authentication Provider (realization of authentication logic)
  3. Authentication Manager (entry point to perform authentication)

At present handling of JWT is done in authentication filter down in rest.auth. Given that JWT is rather standardized kind of credentials we are able to create valid extractor as well as implement relevant authentication provider who will handle this kind of credentials.
Main point of this is to support federated login operations when user identity is managed externally from OH (ie. in NAS system prefered by user).
@splatch splatch self-assigned this Jan 9, 2021
splatch added a commit that referenced this issue Jan 28, 2021
@splatch
Reorganization of authentication and security API.
553dc1d 
The main point is usage of CredentialExtractor API and delegation of all security related operations to AuthenticationManager and multiple implementations of AuthenticationProvider.

Relates to #16

Signed-off-by: Łukasz Dywicki <luke@code-house.org>
@splatch splatch mentioned this issue Jan 28, 2021
Open
splatch added a commit that referenced this issue Feb 3, 2021
@splatch
Proof of concept support for authorization.
4a5d662 
Indirectly related to #16.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@splatch splatch

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@splatch