Access control and session management #583
Labels
enhancement
New feature or request
Milestone
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? If yes, please describe the problem.
Related: #581
It would be great to have a way, similar to the way we manage the secrets to manage the sessions and scoping the accessible user data.
Reference
I like the idea of passing the request headers that are readable only to the resources.
Alternatively - the other option would be to add a hashing feature where a particular HTTP header contains a
hashof the Ask program with some secret likesha1(code+secret)- the way JWT tokens works in order to prevent the mid-man (user) from changing the scripts authorized by the frontend developer. The hash then should be generated somehow on the frontend eg. by Webpack plugin, based on server authorization keys passed by theENVin the compiling phase (to avoid sharing the server-side secret)The text was updated successfully, but these errors were encountered: