-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support Auth extension #81
Comments
Auth in general is a huge topic. I could imagine use cases for support basic auth as well, and probably others. |
As there are a lot of different authentication flows, I don't think this will be supported anytime soon, but I'm happy to accept and review PRs. Also, there are some security concerns. We need to ensure people don't deploy public catalogs with such credentials in them - the credentials are public then. There are request interceptors in STAC Browser 3 though so that could be a chance for some custom code that you could implement to support some of the individual authentication flows. So my recommendation would be to wait for a beta of STAC Browser 3 and start on top of that. |
It would be interesting to know what authentication methods providers implement so that we can make informed decisions on which authentication methods to support. The most commonly used I've seen is just a token in a query parameter, which is supported since today. May help for OAuth: https://github.com/dgrubelic/vue-authenticate |
There's now a configurable UI that can handle token/API key based authentication for query parameters and headers. See issue #210 (comment) and the |
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
There's no also the Authentication extension, which is not supported in STAC Browser yet: https://github.com/stac-extensions/authentication |
|
I have a dynamic STAC catalog that requires me to specify my auth token as a header, like:
The JWT is required because the catalog is dynamic and it shows different data to different users, depending on what you are authorized to view.
Now, to get a token in the first place I have to do something like:
Which returns back something like:
So I think what I'd want is something like a local .stac-browserrc file where I can put my username, password, the fact that I want to use token based auth, the URL to hit to get a token, and then have the server just recognize this on startup, adding the required token header to every request on my behalf.
The token has a limited lifetime, so I would prefer if the server could be configured with a timeout to re-fetch a new token, but that's just a nice-to-have. I can restart the server over manually when running locally.
The text was updated successfully, but these errors were encountered: