Posted to issues@airavata.apache.org by GitBox <gi...@apache.org> on 2021/05/13 15:01:58 UTC

[GitHub] [airavata-custos] dinukadesilva opened a new issue #158: Shouldn't all of the requests authorised by the access token

dinukadesilva opened a new issue #158:
URL: https://github.com/apache/airavata-custos/issues/158


   I can see some requests are authorized by the access token while some are not authorized at all and some are authorized by the base64 encoded clientId:secret. I wonder why.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [airavata-custos] isururanawaka edited a comment on issue #158: Shouldn't all of the requests authorised by the access token

Posted by GitBox <gi...@apache.org>.
isururanawaka edited a comment on issue #158:
URL: https://github.com/apache/airavata-custos/issues/158#issuecomment-840937604


   Basically Custos has three types of authorizations: user based authorization, agent based authorization and delegated authorization. For user and agent based authorizations we should use OAuth 2.0 access tokens. For delegated access control we can use basic authentication (e.g., clients deployed on secured environments). But we can implement multiple authorization schemes for a given endpoint. It is supported by MultitenantAuthInterceptor of Integration services. We need to extend that to the rest of the APIs if required.




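The scheme-per-endpoint idea in the comment above, as an added Python example that is not part of the thread and is not Custos code: a policy table lists which Authorization schemes each endpoint accepts, unknown endpoints are denied by default, and endpoints that accept unauthenticated requests can be listed for review. The endpoint paths and function names are hypothetical; verifying the token or client secret itself is left to the caller.

```python
import base64
import binascii

# Hypothetical policy table: Authorization schemes accepted per endpoint.
# The paths are constructed for illustration, not Custos API paths.
POLICY = {
    "/example/user-profile": {"bearer"},                 # user/agent: OAuth 2.0 token
    "/example/tenant-credentials": {"bearer", "basic"},  # two schemes, one endpoint
    "/example/tenant-create": set(),                     # declared open: no check
}

def parse_authorization(header):
    """Return (scheme, credential), or (None, None) if absent or malformed."""
    if not header:
        return None, None
    parts = header.strip().split(None, 1)
    if len(parts) != 2:
        return None, None
    scheme, value = parts[0].lower(), parts[1].strip()
    if scheme == "basic":
        try:
            decoded = base64.b64decode(value, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return None, None
        client_id, sep, secret = decoded.partition(":")
        if not sep or not client_id or not secret:
            return None, None
        return "basic", (client_id, secret)
    if scheme == "bearer" and value:
        return "bearer", value
    return None, None

def select_scheme(endpoint, header):
    """Pick the verifier to run for this request; raise PermissionError to reject."""
    if endpoint not in POLICY:
        raise PermissionError("no policy for endpoint: denied by default")
    allowed = POLICY[endpoint]
    if not allowed:
        return "open"  # explicitly unauthenticated endpoint
    scheme, _ = parse_authorization(header)
    if scheme not in allowed:
        raise PermissionError("scheme not accepted for this endpoint")
    return scheme  # caller must still validate the token or client secret

def open_endpoints():
    """List endpoints that accept unauthenticated requests, for review."""
    return sorted(e for e, schemes in POLICY.items() if not schemes)
```
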

[GitHub] [airavata-custos] isururanawaka closed issue #158: Shouldn't all of the requests authorised by the access token

Posted by GitBox <gi...@apache.org>.
isururanawaka closed issue #158:
URL: https://github.com/apache/airavata-custos/issues/158


   





[GitHub] [airavata-custos] isururanawaka commented on issue #158: Shouldn't all of the requests authorised by the access token

Posted by GitBox <gi...@apache.org>.
isururanawaka commented on issue #158:
URL: https://github.com/apache/airavata-custos/issues/158#issuecomment-840937604


   Basically Custos has three types of authorizations: user based authentication, agent based authentication and delegated authorization. For user and agent based authorizations we should use OAuth 2.0 access tokens. For delegated access control we can use basic authentication (e.g., clients deployed on secured environments). But we can implement multiple authorization schemes for a given endpoint. It is supported by MultitenantAuthInterceptor of Integration services. We need to extend that to the rest of the APIs if required.





[GitHub] [airavata-custos] isururanawaka commented on issue #158: Shouldn't all of the requests authorised by the access token

Posted by GitBox <gi...@apache.org>.
isururanawaka commented on issue #158:
URL: https://github.com/apache/airavata-custos/issues/158#issuecomment-843278624


   @dinukadesilva Anyone can create admin tenants, but those are in the requested state. Custos admin manually approves those after verifying tenant details. It was an open API. But with the Custos admin portal, we can impose a restriction that all gateway requesters should be a user of the super tenant to request gateways. In that case we can authorize tenant creation APIs.





[GitHub] [airavata-custos] dinukadesilva commented on issue #158: Shouldn't all of the requests authorised by the access token

Posted by GitBox <gi...@apache.org>.
dinukadesilva commented on issue #158:
URL: https://github.com/apache/airavata-custos/issues/158#issuecomment-841385139


   But, the thing I'm doubtful about is, anyone is able to create an admin-tenant since it doesn't check for authentication or authorization at all. Does that make sense? 

