-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(auth): Tenant token #2096
feat(auth): Tenant token #2096
Conversation
67e2261
to
87a030a
Compare
87a030a
to
e20fc5a
Compare
27c99ab
to
14c5e84
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here is half of my review as you updated the branche.
@@ -50,19 +50,23 @@ impl<P: Policy + 'static, D: 'static + Clone> FromRequest for GuardedData<P, D> | |||
Some("Bearer") => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this mean that bearer
(without the capitalization) will not be detected?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only "Bearer" written with a capital is accepted, with exactly one space between it and the following key.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
uhm that is not http compliant: https://stackoverflow.com/a/5259004
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@MarinPostma @Kerollmops, "Bearer" is not the Header name but a part of the Value, the header name is "Authentication".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know if it's the good RFC, but, here is a pseudo regex matching the bearer auth:
The OAuth 2.0 Authorization Framework: Bearer Token Usage
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it is a real issue can you "Reference in a new issue", please? If it is not, let's merge that and pray!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is no issue here, I don't understand your point. 😞
(I'm investigating why we have a failure with our CI on another PR) bors try |
tryBuild succeeded: |
bors try |
tryBuild succeeded: |
Make meilisearch support JWT authentication signed with meilisearch API keys using HS256, HS384 or HS512 algorithms. Related spec: meilisearch/specifications#89 Fix #1991
da6659c
to
7ca647f
Compare
bors try |
tryBuild succeeded: |
pub async fn get_all_stats(&self, index_filter: &Option<Vec<String>>) -> Result<Stats> { | ||
pub async fn get_all_stats(&self, search_rules: &SearchRules) -> Result<Stats> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll find a way to not depend on meilisearch auth here later, so that's ok for now
bors merge |
2096: feat(auth): Tenant token r=Kerollmops a=ManyTheFish Make meilisearch support JWT authentication signed with meilisearch API keys using HS256, HS384 or HS512 algorithms. Related spec: [specifications#89](meilisearch/specifications#89) [rendered](https://github.com/meilisearch/specifications/blob/scoped-api-keys/text/0089-tenant-tokens.md) Fix #1991 Co-authored-by: ManyTheFish <many@meilisearch.com>
This PR was included in a batch that successfully built, but then failed to merge into main. It will not be retried. Additional information: {"message":"1 review requesting changes and 1 approving review by reviewers with write access.","documentation_url":"https://docs.github.com/articles/about-protected-branches"} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
bors merge
Make meilisearch support JWT authentication signed with meilisearch API keys
using HS256, HS384 or HS512 algorithms.
Related spec: specifications#89 rendered
Fix #1991