next-drupal
next-drupal copied to clipboard
chapter-three
How to configure HTTP credentials while using OAuth authentication?
In our testing environments we tend to hide our Drupal from public internet, so it wont disclosure anything or get indexed by Google.
While eventually we want to use OAuth authentication, we want to use additionally HTTP authentication. How do we inject in our credentials in NextJS side?
We tried already by setting our base domains with https://username:[email protected] which didn't work out.
Thanks!
Have you looked into using the password grant? https://next-drupal.org/docs/authentication/password-grant
I'll chime in here as I work in the project with @mikaelkundert.
So the problem in our case is on server side. For example when getPathsFromContext() is fetching data from JSON:API - it can't get past Drupal's basic auth.
In the deployed environments it's easy to allow server to server communication past basic auth, but we are doing builds in Circle CI and that gets a bit tricky.
By the way, Thanks for this amazing project!
@juhov I see. Would a pluggable auth system solve your issue? As in bring your own auth headers?
That sound good. But is it a problem that next-drupal and our custom header collide? In this basic auth case we would need to add Authorization: Basic <credentials> and next-drupal will add Authorization: Bearer <token>.
According to this StackOverflow answer, supporting multiple authorization schemes is not supported.
I think we might need to do some tricks in our Drupal hosting side, to partially use Bearer scheme on some URL's and Basic scheme on rest of the URL's :thinking:
The idea of using combined schemes for one request seems to be doomed idea. What do you think?
@mikaelkundert @juhov are you on Drupal Slack? Can we chat say in 30 minutes?
Hola!
Did you manage to get around this somehow? Interested in the same question :)
@eiriksm We added support for basic auth to the DrupalClient. See https://next-drupal.org/docs/client/auth