feat: Ability to Configure Remote Authorizers to set Headers in AuthenticationSession #717
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
wesleyfantinel
changed the title
wesleyfantinel
changed the title
aeneasr
requested changes
May 10, 2021
There was a problem hiding this comment.
Thank you for the contribution! Unfortunately we can not accept contributions without tests. These are important to ensure that your feature does what it should, and it ensures that it keeps working even if others change your code!
if you need help with the tests feel free to ping a maintainer!
|
Ok, sending the tests. |
|
Looks like tests are failing for the new feature, could you take a look maybe? 🧐 |
|
Alright, got it fixed. |
aeneasr
approved these changes
May 14, 2021
Co-authored-by: hackerman <[email protected]>
aeneasr
approved these changes
May 24, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Related issue
Proposed changes
The remote authorizers may have useful context from user's permissions. So with this changes, custom authorizers using
remoteandremote_jsoncan return some useful headers to be forward into the AuthenticationSession, meaning that these headers will be passed to upstream services.For example, an user containing scopes/branches inside an organization profile has some level of data addressed to him. In this case, the upstream service need to know that, and "filter" the data according to his "branch_id". The permission that is given to the user (and the remote authorizers manages) has a record of the "branch_id", for the following responses will be returned as status code 200 (if granted) and containing a header like
X-Branch-Id.The upstream service receives the
X-Branch-Idand does your thing.The configuration requires to configure a list of "allowed headers" returning from remote authorizer, that will be accepted in the pipeline.
Without this, we have to perform another request using the mutator
Hydradorto retrieve the users' "branch_id", that is not a good performance approach in my vision for this set.Checklist
vulnerability. If this pull request addresses a security. vulnerability, I
confirm that I got green light (please contact
[email protected]) from the maintainers to push
the changes.
works.
Further comments