vue-storefront-1 icon indicating copy to clipboard operation
vue-storefront-1 copied to clipboard

Published 20 hours ago verified publisher icon vuestorefront

Ability to connect to basic auth protected API.

Open lukeromanowicz opened this issue 6 years ago • 3 comments

What is the motivation for adding / enhancing this feature?

If you set a basic auth on API, there is no way to connect to it from SSR VSF.

What are the acceptance criteria

  • it's possible to connect to basic auth protected API

Can you complete this feature request by yourself?

  • [x] YES
  • [ ] NO

Which Release Cycle state this refers to? Info for developer.

Pick one option.

  • [x] This is a normal feature request. This should be available on https://test.storefrontcloud.io and then after tests this can be added to next Vue Storefront version. In this case Developer should create branch from develop branch and create Pull Request 2. Feature / Improvement back to develop.
  • [ ] (Pick this option only if you're sure) This is an important improvement request for current Release Candidate version on https://next.storefrontcloud.io and should be placed in next RC version. In this case Developer should create branch from release branch and create Pull Request 3. Stabilisation fix back to release.
  • [ ] (Pick this option only if you're sure) This is a critical improvement request for current Stable version on https://demo.storefrontcloud.io and should be placed in next stable version. In this case Developer should create branch from hotfix or master branch and create Pull Request 4. Hotfix back to hotfix.

lukeromanowicz avatar Jul 10 '19 13:07 lukeromanowicz

Where to start: https://github.com/DivanteLtd/vue-storefront/blob/59519f3e1f03107aafff6fc0f001f424a8a00353/core/lib/sync/task.ts#L6

The user and password should be probably embedded within the URL - e.g: config.cart.create_endpoint=https://user:[email protected] or config.api.url=https://user:[email protected].

The problem is that these endpoints are being executed CSR - in that case we shouldn't expose the passwords and logins to the users (having them in the URL). so ... maybe it shouldn't be included in the URL or should be removed from the URL for CSR (stored in the sessionStorage and added to the calls dynamically)

OR maybe we should just implement this task first:

  • vuestorefront/vue-storefront#2861

pkarw avatar Sep 03 '19 07:09 pkarw

@lukeromanowicz please decide the way we should have it

pkarw avatar Sep 03 '19 08:09 pkarw

@pkarw credentials for basic auth can be visible for the user because the whole idea is to set the same credentials for SSR and API. connecting via user:password@domain sounds good to me.

lukeromanowicz avatar Sep 03 '19 15:09 lukeromanowicz