feat: Optionally serve OAuth 2.0 authentication with HTTPS

Open • gdavison opened this issue 3 years ago • 2 comments

Looking for feedback on the approach I've taken.

This PR adds the option to serve an OAuth 2.0 Authorization Code workflow with HTTPS in addition to HTTP. This is required by some APIs that don't allow HTTP for the auth page.

Currently works with a certificate file named localhost.crt and private key file named localhost.key in the configuration directory. These files must be created manually, for example using openssl.

Questions:

  1. Should each API have its own certificate, or can they be shared?
  2. Should we be able to reference an existing certificate for an API?

To do:

  • [ ] generate certificate pair if not present

Closes #31

gdavison, Apr 05 '21 06:04

Very interesting! I wonder if things could "just work" if we generate a real cert that browsers would accept and make local.rest.sh (or something similar) resolve to localhost. Any other ideas about how best to make this as painless as possible?

danielgtaylor, Apr 13 '21 20:04

mkcert makes creating localhost certs very easy: https://github.com/FiloSottile/mkcert

dreverri, Dec 22 '21 03:12
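
One way the to-do item in the pull request description ("generate certificate pair if not present") could be handled, shown as an added example that is not code from this PR or from restish. The helper name ensureLocalhostCert, the ECDSA P-256 key, the 90-day lifetime and the localhost-only SAN are assumptions; the file names localhost.crt and localhost.key are the ones the description gives.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"math/big"
	"os"
	"path/filepath"
	"time"
)

// ensureLocalhostCert (hypothetical helper) loads the pair from dir, creating it if absent.
func ensureLocalhostCert(dir string) (tls.Certificate, error) {
	crt, key := filepath.Join(dir, "localhost.crt"), filepath.Join(dir, "localhost.key")
	if pair, err := tls.LoadX509KeyPair(crt, key); err == nil || !os.IsNotExist(err) {
		return pair, err // reuse a good pair; report a corrupt or mismatched one
	}
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{ // self-signed leaf: server auth for "localhost" only
		SerialNumber: serial, DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(0, 0, 90), // assumed lifetime
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return tls.Certificate{}, err
	}
	keyDER, err := x509.MarshalPKCS8PrivateKey(priv) // written below with mode 0600 (owner-only)
	if err != nil {
		return tls.Certificate{}, err
	}
	if err := os.WriteFile(key, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER}), 0o600); err != nil {
		return tls.Certificate{}, err
	}
	if err := os.WriteFile(crt, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o644); err != nil {
		return tls.Certificate{}, err
	}
	return tls.LoadX509KeyPair(crt, key)
}
```

Browsers will still warn about this self-signed certificate until it is trusted locally; mkcert, mentioned above, handles that by installing a local CA.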