Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

authConfig with external catalog #313

Closed
jlev opened this issue Apr 28, 2023 · 4 comments
Closed

authConfig with external catalog #313

jlev opened this issue Apr 28, 2023 · 4 comments
Labels
enhancement New feature or request
Milestone
3.1.0

Comments

@jlev
Copy link

jlev commented Apr 28, 2023
edited
Loading

Hi, I'm trying to configure STAC Browser with two catalogURLs, both of which require auth as a query parameter.

If I set catalogUrl and authConfig, it will connect and render correctly, but if I then go to /external/ and try to load a second catalog which also requires auth, it doesn't appear that the required parameter is being set.

Is there a way to force this? I could also potentially unset the catalogURL and then override the STACIndex listing, and let users pick from that on startup.
@jlev jlev changed the title auth authConfig with external catalog Apr 28, 2023
@jlev
Copy link
Author

jlev commented Apr 28, 2023

I was able to add a second form-group in SelectDataSource.vue to preload just our internal catalogs. If this is a feature that others would like I can make a PR to inject this from the config.

@m-mohr
Copy link
Collaborator

m-mohr commented Apr 29, 2023
edited
Loading

If I set catalogUrl and authConfig, it will connect and render correctly, but if I then go to /external/ and try to load a second catalog which also requires auth, it doesn't appear that the required parameter is being set.

This is intentional for security reasons. Otherwise, credentials/tokens may be leaked to externals.

Is there a way to force this? I could also potentially unset the catalogURL and then override the STACIndex listing, and let users pick from that on startup.

No, currently you'd need to deploy STAC Browser twice. STAC Browser is optimized to work for a single catalog url (e.g., generates cleaner-URLs, page refresh works better, authentication, ...). Of course there are ways to change the code for your case, but then you may run into conflicts or issues in the future. The SelectDataSource was meant for demo purposes and in the end all pages are implicitly external, which doesn't lead to the best STAC Browser experience.

Maybe the best way forward is to allow configuring a pattern for allowed paths for authConfig?

@m-mohr m-mohr added this to the 3.1.0 milestone Apr 29, 2023
@m-mohr m-mohr added the enhancement New feature or request label Apr 29, 2023
m-mohr added a commit that referenced this issue May 12, 2023
@m-mohr
Apply allowedDomains to headers and query parameters #313
77a7c7a
m-mohr added a commit that referenced this issue May 12, 2023
@m-mohr
Apply allowedDomains to headers and query parameters #313
ea0b01d
@m-mohr
Copy link
Collaborator

m-mohr commented May 12, 2023
edited
Loading

Actually, there's already an option in the config for this: allowedDomains. If you allow the domains of both catalogs, does this solve the issue for you? In the latest version available from the main branch, it should now apply to headers and query parameters. @jlev
Please, let me know whether it works for you. If not, I can re-open here.

@m-mohr m-mohr closed this as completed May 12, 2023
@jlev
Copy link
Author

jlev commented Jun 2, 2023

Thanks @m-mohr, I just got the chance to test this with 3.01 and it works. Both of my catalogs are on the same domain, so one setting in allowedDomains does the trick.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
3.1.0
Development

No branches or pull requests
2 participants
@jlev @m-mohr