configurable-http-proxy icon indicating copy to clipboard operation
configurable-http-proxy copied to clipboard

Published 20 hours ago verified publisher icon jupyterhub

Token Authorization to Route

Open quasiben opened this issue 7 years ago • 5 comments

I'm interested in using a proxy with a token auth scheme. Is it out of scope for configurable-http-proxy to check a token/jwt before routing ?

quasiben avatar Nov 21 '16 17:11 quasiben

I think it might be. How would you handle that? A single app-wide token? Or per-route tokens? Checking cookies vs headers, etc.?

It's a bit of a can of worms to start implementing auth in the proxy, since there are so many different ways to do it.

minrk avatar Nov 22 '16 15:11 minrk

Or were you thinking of token-based routing (i.e. specifying the target based on token)? That's an interesting idea. I'm not sure quite how it would fit.

minrk avatar Nov 23 '16 19:11 minrk

Sorry, i took off for a bit. I was thinking about single app-wide tokens. Token generation should be handled by some other auth and be responsible for correctly generating the token/permissioning to a specific route. In this case, configurable-http-proxy simply checks if the JWT is valid or not

quasiben avatar Nov 28 '16 17:11 quasiben

I'm also interested with this enhancement.

It could be based on a simple cookie, and I can provide to the API, a list of cookies (name/values) allowed to access to the path. Other solution is to implement Oauth or any other solution, but it's much more complex

arnaudRenardRomeo avatar Apr 06 '17 15:04 arnaudRenardRomeo

I also think this would be a great feature. It could be implemented like --host-routing. The advantage of cookie based routing would be that all users get the same urls, which would allow sharing them. Right now e.g. it's not possible to readily share mybinder urls.

oschuett avatar Jan 18 '19 10:01 oschuett