New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Auth tokens #136
Auth tokens #136
Conversation
Not sure how we can pass in an auth token to the aimmo-game-creator app. |
will add the token as hidden env var in Snap CI! |
@CelineBoudier I think an env var CREATOR_AUTH_TOKEN with the output of |
So it's now accessiable from Django (might need to be added to app.yaml?) but still not sure how to pass it into the container. |
yup! |
3efee2a should have a solution |
3efee2a
to
50070a9
Compare
I think this is done although there might be a better method for getting the token to the creator. |
50070a9
to
120360e
Compare
Fixes #115 |
@joshuablake if you write Fixes #115 in a commit it will actually close this issue once accepted :) |
a83ee86
to
364ef34
Compare
Derp, put the wrong issue number in, sorry |
364ef34
to
00f0509
Compare
* Use Avatar models that map a user to a game with their code (allows mutliple avatars per user is seperate game). Contains majority of work for ocadotechnology#21. * Use Game models with configurable permissions. Fixes ocadotechnology#79. * Support multiple games on the backend (managed by aimmo-game-creator) * Add UI for above.
8c79525
to
620008c
Compare
* Send auth_token in env variable to each worker * Check the worker's token when it requests its code
@mikebryant is probably the only one that knows what this is all about! |
@Spycho we should have auth on all of the comms between components |
Makes sense @mikebryant, I more meant you might know how that can be done, and how far these commits get us there, and how to resolve the merge conflicts. |
Closing this pull request to stale it. We will review this at a later stage and perhaps re-open it. |
Olaf: Closing this pull request to stale it. We will review this at a later stage and perhaps re-open it.
Requires #124 as that adds the models in the backend (diff with just this pull request).
Whenever a component receives a request, the receiver should check authentication from the caller. Workers should never know any other components auth token due to running user code.
Places where needs/has been implemented: