algoliasearch-client-javascript icon indicating copy to clipboard operation
algoliasearch-client-javascript copied to clipboard

Published 20 hours ago verified publisher icon algolia

feat(auth): introduce WithinBody option for AuthMode

Open Haroenv opened this issue 2 years ago • 9 comments

fixes #1035

Implementation is done by:

  • adding a new auth mode
  • adding data as the return type for createAuth
  • expose data from transporter
  • serialize transporter data
  • map api key back to query parameter if GET

This doesn't automatically switch to body if the key is too long, the option authMode needs to be set

algoliasearch('', '', { authMode: AuthMode.WithinBody })

TODO

  • [ ] tests
  • [ ] validate this works

Haroenv avatar Aug 06 '21 10:08 Haroenv

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

Latest deployment of this branch, based on commit 9281ee9154cfc78d77d35cb4f299a4315a3bf21b:

Sandbox Source
javascript-client-app Configuration

codesandbox-ci[bot] avatar Aug 06 '21 10:08 codesandbox-ci[bot]

it's in the todo @tkrugg

Haroenv avatar Aug 06 '21 11:08 Haroenv

@Haroenv Any news on this PR? It'd be great to have this released to fix #1035

jpreynat avatar Dec 17 '21 16:12 jpreynat

Sorry, there was too many places to change in this unplanned PR, but withinHeaders should be an in-between solution, as it has a higher limit (but doesn't avoid a cors preflight request) @jpreynat

Haroenv avatar Jan 03 '22 09:01 Haroenv

Thanks for the suggestion @Haroenv. But sadly we already tried using withinHeaders and we have some cases where the limit is too small for us, preventing us from switching from version 3 to version 4. Are there any plans on your side to have the withinBody option released at some point?

jpreynat avatar Jan 03 '22 09:01 jpreynat

At the moment it's not yet on the roadmap, as I made this pull request a while ago in an experiment. I will however ask the current owners of this repo whether they can take a look (@shortcuts, @millotp)

Haroenv avatar Jan 03 '22 09:01 Haroenv

@Haroenv @shortcuts @millotp @tkrugg can this prioritized now? it's really preventing enterprise users from the full performance benefits of algolia if we can't use long secured api keys from the browser

humanbagel avatar May 19 '22 17:05 humanbagel

Sorry, I'm not on this team anymore @humanbagel, but I do know that algoliasearch v3 had this feature, so you can use that before it's prioritised to be fixed. Someone who's actually on the api clients team can give more information on prioritisation

Haroenv avatar May 20 '22 08:05 Haroenv