Skip to content
This repository has been archived by the owner on Oct 6, 2019. It is now read-only.

Switch authentication pipeline from cookies to token-based #105

Closed
Caiyeon opened this issue Jul 3, 2017 · 0 comments
Closed

Switch authentication pipeline from cookies to token-based #105

Caiyeon opened this issue Jul 3, 2017 · 0 comments
Assignees
@Caiyeon
Labels
major
Milestone
0.5.0

Comments

@Caiyeon
Copy link
Owner

Caiyeon commented Jul 3, 2017

Cookie-based authentication is proving to be a bit cumbersome to work with (simply because CSRF must be taken into consideration every change)

Since the authentication value itself is already encrypted by vault's transit key, there should simply be an endpoint in which the frontend can use to login (provide a raw vault token, receive a transit encrypted cipher). This cipher can then be used as a header to each http request, and the backend can verify this value as normal.

No cookies, no CSRF => less worries.

Also, this is almost necessary for #104 to happen
@Caiyeon Caiyeon added this to the 0.5.0 milestone Jul 3, 2017
@Caiyeon Caiyeon self-assigned this Jul 3, 2017
@Caiyeon Caiyeon added the major label Jul 4, 2017
Caiyeon added a commit that referenced this issue Jul 5, 2017
@Caiyeon
Change authentication from cookies to token-based (#105)
bb7f94d 
* Minor text fix

* Frontend switched from cookie to token based authentication

* Removed csrf from frontend, since cookies are no longer used

* Removed csrf from backend
@Caiyeon Caiyeon closed this as completed Jul 5, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@Caiyeon Caiyeon

Labels
major
Projects
None yet
Milestone
0.5.0
Development

No branches or pull requests
1 participant
@Caiyeon