Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement proper authorization model #348

Open
salmipa opened this issue Dec 13, 2021 · 0 comments
Open

Implement proper authorization model #348

salmipa opened this issue Dec 13, 2021 · 0 comments
Labels
feature

Comments

@salmipa
Copy link

salmipa commented Dec 13, 2021

Description/Steps to reproduce

Authorization model for strong-soap doesn't support for example bearer tokens. I would like to see more flexible authorization model which enables checking of the authorization header (be it whatever) and if bearer token, then check the claims. This should be done so that request and response are passed to callback which could do the job. By doing it this way enables minimal processing (no xml parsing, dom to Javascript mapping, ...) when denying illegal requests. Also status codes should be mapped then based on the "instructions" from the callback (401 or 403).

I did the support by using proxies, but it's doing all the work for nothing (if illegal) and status code mapping is not what I'd expect. I can make it return 401 or 403 (by setting statusCode property) but it anyhow renders also SOAP Envelope with a fault (which I don't like).

Link to reproduction sandbox

Expected result

Additional information
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@salmipa @achrinza