
Support Authentication via Token

Open sigoden opened this issue 1 year ago • 2 comments

Design Proposal

  • Allow the token to be included in either the query string (?token=<TOKEN>) or the request header (X-TOKEN: <TOKEN>).
  • The token will take precedence over the standard authorization header. If the token authentication fails, the system will then fall back to using the authorization header for authentication.
  • Each user will be assigned a unique token. The token will be refreshed every time the dufs service is restarted.

Why this feature is needed

  • Some clients are unable to download protected resources due to their limitations in handling Basic/Digest authentication (See issues #462 and #465).
  • Solve the known compatibility problems associated with Basic/Digest authentication that can lead to unexpected errors (Refer to issue #510).
  • The WebUI can store the token in local storage, enabling users to remain logged in even after restarting their browsers.

sigoden avatar Jan 02 '25 03:01 sigoden
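The lookup order in the proposal above, as an added Rust sketch that is not dufs code: a token from `?token=` or `X-TOKEN` is tried first, and a missing or rejected token falls back to the Authorization header. The `Auth` enum, the function names, the user-to-token map and the query-before-header order are assumptions made for illustration.

```rust
use std::collections::HashMap;

// Hypothetical names; dufs' real types are not shown in the issue.
#[derive(Debug, PartialEq)]
pub enum Auth {
    Token(String),    // user resolved from a valid token
    FallBackToHeader, // no token or token rejected: try Authorization next
}

// No early exit, so timing does not reveal how many leading bytes matched.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

// Raw `token=<TOKEN>` pair from the query string (no percent-decoding).
fn query_token(query: &str) -> Option<&str> {
    query.split('&').find_map(|kv| kv.strip_prefix("token="))
}

// Header names are case-insensitive, so X-TOKEN is matched that way.
fn header_token<'a>(headers: &'a [(&'a str, &'a str)]) -> Option<&'a str> {
    headers.iter().find(|(k, _)| k.eq_ignore_ascii_case("x-token")).map(|(_, v)| v.trim())
}

// Assumption: the query string is consulted before the header.
pub fn resolve(query: &str, headers: &[(&str, &str)], tokens: &HashMap<String, String>) -> Auth {
    if let Some(t) = query_token(query).or_else(|| header_token(headers)) {
        // Check every entry so the work does not depend on which user matched.
        let mut found = None;
        for (user, tok) in tokens {
            if ct_eq(tok.as_bytes(), t.as_bytes()) {
                found = Some(user.clone());
            }
        }
        if let Some(user) = found {
            return Auth::Token(user);
        }
    }
    Auth::FallBackToHeader
}

fn main() {
    // Constructed sample data: user -> token map as it would exist after startup.
    let tokens = HashMap::from([("alice".to_string(), "tok-alice-constructed".to_string())]);
    println!("{:?}", resolve("token=tok-alice-constructed", &[], &tokens));
    println!("{:?}", resolve("token=wrong", &[("Authorization", "Basic placeholder")], &tokens));
}
```

A token sent in the query string is recorded in access logs, browser history and Referer headers, so clients that can set headers are better served by the `X-TOKEN` form.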

Or even better, through SAML for great enterprise use cases

fredleger avatar Jan 28 '25 16:01 fredleger

I like the idea of tokens. Especially if it was a JWT! From a security standpoint, it would be great if the token was regenerated each time a user logs in using their password. I would use the Authentication header with Bearer for this. Especially with the possibility of JWT and the OAuth 2.0 standard in mind.

leoneltrich avatar Feb 11 '25 14:02 leoneltrich