You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is a requirement to be able to mark an asset as public and then it should be possible to query/get these public assets without being authenticated.
Having a 'public' user with hardcoded credentials that are then baked into the frontend doesn't seem great plus would require direct access grant.
Simple solution maybe:
have a 'public' flag on asset
remove Roles allowed from AssetResource::queryAssets and to programmatically limit the query to assets with public=true if user is not authenticated (realm must be specified in the request otherwise fail i.e. don't allow public assets in the master realm)
The text was updated successfully, but these errors were encountered:
Done a temporary implementation that uses the AssetType to identify public assets, anything that starts with 'urn:openremote:publc' can be accessed using the /asset/public/query API endpoint.
A realm must be specified in the request path and only protected attributes and meta can be retrieved.
There is a requirement to be able to mark an asset as public and then it should be possible to query/get these public assets without being authenticated.
Having a 'public' user with hardcoded credentials that are then baked into the frontend doesn't seem great plus would require direct access grant.
Simple solution maybe:
The text was updated successfully, but these errors were encountered: