GUACAMOLE-956: Leverage HTTP header instead of query parameter for auth/session tokens. #649

Merged
merged 5 commits into from
Oct 25, 2021


mike-jumper
Contributor

This change refactors the REST API to alternatively accept the authentication token via a Guacamole-Token header, and updates the JavaScript side of things to use that header instead of the old token parameter. The token parameter remains usable as an alternative means of submitting the token.

With the HTTP tunnel using the tunnel UUID as its own sort of session token (to allow the communication for the tunnel to span multiple HTTP requests), these changes also refactor the HTTP tunnel to decouple its internal concept of a session from the tunnel UUID, effectively removing the HTTP tunnel's token from the URL, as well.

The WebSocket tunnel has not been touched here. Part of the reason for this is that WebSocket does not provide for any means of submitting arbitrary headers along with the handshake, thus we must either continue to use the URL or use WebSocket messages. Arguably, continuing to use the WebSocket URL in this way is perfectly fine:

If we decide to change this, as well, I suggest we let that be a separate pull request.
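Added example, not part of the pull request or the Guacamole code base: because the token parameter remains usable alongside the Guacamole-Token header, an operator may want to move a legacy request's token into the header and audit access logs for requests that still carry it in the URL. The host, API path, token values and log lines are constructed placeholders.

```javascript
// Added example, not code from the pull request. "Guacamole-Token" and the
// "token" parameter are named in the PR description; the host, path, token
// values and log lines below are constructed for illustration.

// Rewrite a legacy request URL so the token travels in the header instead.
function toHeaderRequest(legacyUrl) {
    const url = new URL(legacyUrl);
    const token = url.searchParams.get('token');
    url.searchParams.delete('token');
    const headers = token === null ? {} : { 'Guacamole-Token': token };
    return { url: url.toString(), headers };
}

// Redact any token value left in a logged request line.
function redactToken(line) {
    return line.replace(/([?&]token=)[^&\s"]+/g, '$1[REDACTED]');
}

// Audit access-log lines: count requests that still put the token in the
// URL and return copies that are safe to store or share.
function auditAccessLog(lines) {
    const redacted = lines.map(redactToken);
    const leaking = redacted.filter((line, i) => line !== lines[i]).length;
    return { leaking, redacted };
}

// Constructed sample log lines (placeholder host, path and token values).
const SAMPLE_LOG = [
    '203.0.113.7 - - [01/Mar/2023:10:00:01 +0000] "GET /guacamole/api/placeholder/items?token=AAAA1111&page=2 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Mar/2023:10:00:02 +0000] "GET /guacamole/api/placeholder/items?page=2 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Mar/2023:10:00:03 +0000] "GET /guacamole/api/placeholder/items?page=1&token=BBBB2222 HTTP/1.1" 200 498'
];

const request = toHeaderRequest(
    'https://guac.example.test/guacamole/api/placeholder/items?token=AAAA1111&page=2');
console.log(request.url, request.headers);
console.log(auditAccessLog(SAMPLE_LOG));
```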

@mike-jumper mike-jumper changed the title GUACAMOLE-956: Leverage HTTP header instead of query parameter for auth token. GUACAMOLE-956: Leverage HTTP header instead of query parameter for auth/session tokens. Oct 24, 2021
Contributor

@necouchman necouchman left a comment

Looks pretty clean to me, just one minor wording issue in one of the comments.

@necouchman necouchman merged commit d05e379 into apache:staging/1.4.0 Oct 25, 2021
@mike-jumper mike-jumper deleted the token-header branch October 29, 2021 01:22
@iota-008

iota-008 commented Mar 1, 2023

@mike-jumper how to implement this? I want to open the URL in a new tab with the token in headers.

@necouchman
Contributor

@iota-008: Please do not use merged pull requests as a discussion forum. This code was merged into version 1.4.0 - as long as you're running Guacamole Client 1.4.0 or later there is nothing you need to do to implement this.

@iota-008

iota-008 commented Mar 1, 2023

@necouchman sorry! but where can I ask a question?

@necouchman
Contributor

@iota-008 : On the mailing lists:

https://guacamole.apache.org/support/

@iota-008

iota-008 commented Mar 4, 2023

@necouchman: I asked on the mailing list, but didn't receive any reply. I just have one question regarding this Guacamole-Token. Currently, I am just changing the URL to {guacServerUrl}/#/client/{connectionId}?{authToken}, passing the token in the query param, which directly connects to the VM. How to pass the token in the header? I tried an XMLHTTP GET request but it is not working.

@necouchman
Contributor

@iota-008 Yes, your post made it to the list, you'll just have to wait on someone to reply, there.
