allow api-session-auth feature flag to be set #279

pdurbin · 2023-05-11T18:24:20Z

There's a new feature flag called api-session-auth that I'd like to set to "true" or "1" so that the SPA can log in to the backend: http://preview.guides.gdcc.io/en/develop/installation/config.html#feature-flags

It should definitely be unset or explicitly off by default, because it's a potential security risk. (This is just for demos until we have bearer token support for the backend and the frontend.)

Please let me know if we can add this. Thanks! ❤️

donsizemore · 2023-05-19T16:51:50Z

@pdurbin would also like api-bearer-auth to be available. renaming the branch to 279_feature_flags and adding these two. per a conversation with Phil I'll keep these as simple JVM options for now, once there are more and the configuration solidifies I'll convert the calls to whatever the preferred way is at that time.

donsizemore self-assigned this May 19, 2023

donsizemore pushed a commit that referenced this issue May 19, 2023

#279 add two initial feature flags, api-session-auth and api-bearer-auth

b4df859

donsizemore pushed a commit that referenced this issue May 25, 2023

#279 add new bearer-auth and session-auth group_vars

274051b

donsizemore linked a pull request May 25, 2023 that will close this issue

add two initial feature flags, api-session-auth and api-bearer-auth #291

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

allow api-session-auth feature flag to be set #279

allow api-session-auth feature flag to be set #279

pdurbin commented May 11, 2023

donsizemore commented May 19, 2023

allow api-session-auth feature flag to be set #279

allow api-session-auth feature flag to be set #279

Comments

pdurbin commented May 11, 2023

donsizemore commented May 19, 2023