Bindle server auth: support requiring auth for all request types

Open • vdice opened this issue 3 years ago • 2 comments

Currently, GET requests to a bindle server with auth configured (say, basic HTTP or OIDC) appear to always be served, meaning anonymous auth is still possible for these request types.

I think it would be useful to allow configuration in the server to restrict all request types (including GETs) to requiring auth creds per the auth strategy the server is running with. Assuming we want to maintain the default of anonymous GETs, perhaps this would be an opt-in configuration/toggle.

vdice, Feb 23 '22 19:02

@thomastaylor312 or is it already possible today to configure a bindle server to mandate that all requests be authenticated?

vdice, Feb 24 '22 20:02

Not with how it is currently set up. We'll need to add a new Authorization implementation that checks if the user is authenticated. Should be a fairly simple code add, but then we need to add yet another branch to the match statement of doom in the server CLI code.

thomastaylor312, Feb 24 '22 22:02
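
The opt-in discussed in this thread, modelled as an added stand-alone Rust example. It is not Bindle's code: the `Authorizer` trait, the `AnonymousReads` and `RequireAuthenticated` types, and the `select_authorizer` toggle are hypothetical names, and `principal` is assumed to be `None` whenever the configured auth strategy found no valid credentials.

```rust
// Added illustration: a stand-alone model, not Bindle's real types or traits.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Method { Get, Post, Delete }

#[derive(Debug, PartialEq)]
pub enum Decision { Allow, Unauthenticated }

/// Hypothetical authorization hook, called after the auth strategy has run.
pub trait Authorizer {
    fn authorize(&self, principal: Option<&str>, method: Method) -> Decision;
}

/// Behaviour described in the issue: GETs are served without credentials.
pub struct AnonymousReads;
impl Authorizer for AnonymousReads {
    fn authorize(&self, principal: Option<&str>, method: Method) -> Decision {
        match (principal, method) {
            (Some(_), _) | (None, Method::Get) => Decision::Allow,
            (None, _) => Decision::Unauthenticated,
        }
    }
}

/// Requested opt-in: every request type needs an authenticated principal.
pub struct RequireAuthenticated;
impl Authorizer for RequireAuthenticated {
    fn authorize(&self, principal: Option<&str>, _method: Method) -> Decision {
        if principal.is_some() { Decision::Allow } else { Decision::Unauthenticated }
    }
}

/// Hypothetical toggle; the default (false) keeps anonymous GETs.
pub fn select_authorizer(require_auth_for_all: bool) -> Box<dyn Authorizer> {
    if require_auth_for_all { Box::new(RequireAuthenticated) } else { Box::new(AnonymousReads) }
}

fn main() {
    // Print the decision for an anonymous caller under both settings.
    for strict in [false, true] {
        let authz = select_authorizer(strict);
        for m in [Method::Get, Method::Post, Method::Delete] {
            println!("strict={} {:?} anonymous -> {:?}", strict, m, authz.authorize(None, m));
        }
    }
}
```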