This repository has been archived by the owner on Mar 23, 2022. It is now read-only.

Allow bearer-token pass-through instead of outright rejection #134

Closed
billbogaiv opened this issue Jan 31, 2017 · 1 comment
@billbogaiv
Member

billbogaiv commented Jan 31, 2017

Somewhat related to #133.

Background info.

For internal projects at Ritter, we want to allow a better dev. experience when working with apps which talk to each other. When working locally, the communication normally flows using the other app's QA site. Identity Server is our auth provider when not running locally. To get our scenario to work, we need to augment the dev. app's auth configuration to use IdSrv and remember not to commit the changes.

Proposed change

Currently, Stuntman rejects the request if a bearer token is invalid. While this can continue to be the default behavior, an additional option will allow other auth providers a chance to validate the token. This now allows a scenario where we can have our dev. apps using Stuntman to pass a token to a QA-running app, let Stuntman on the latter get first crack at validating the token, and only pass to IdSrv if it cannot successfully validate.

A short test-session revealed that by removing the explicit 403 status code, the OWIN pipeline continued. The 403 seems to have special meaning, but I could not find where this actually comes into play and stops other middleware from executing.

@billbogaiv billbogaiv self-assigned this Jan 31, 2017
billbogaiv added a commit to billbogaiv/stuntman that referenced this issue Feb 1, 2017
This enables a scenario where multiple bearer token middlewares are set up.
Previous behavior would stop at Stuntman with 403 if token did not match existing Stuntman user.

Implements ritterim#134
@billbogaiv
Member Author

👍
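
The behaviour proposed in the issue above, as an added example that is not Stuntman's code: a self-contained model of two chained bearer-token middlewares over the OWIN environment dictionary, run with pass-through off and on. The `Bearer` helper, the `demo.User` key and all tokens are constructed for illustration; the second middleware stands in for an external provider such as IdSrv.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using AppFunc = System.Func<System.Collections.Generic.IDictionary<string, object>, System.Threading.Tasks.Task>;

static class PassThroughDemo
{
    const string UserKey = "demo.User"; // constructed key, stands in for the authenticated principal

    // Hypothetical bearer middleware: authenticates tokens it knows; for an unknown token it
    // either short-circuits with 403 (the current default) or hands the request to `next`.
    static AppFunc Bearer(AppFunc next, string scheme, ISet<string> known, bool passThrough) => async env =>
    {
        var headers = (IDictionary<string, string[]>)env["owin.RequestHeaders"];
        string token = headers.TryGetValue("Authorization", out var v)
            && v[0].StartsWith("Bearer ", StringComparison.Ordinal) ? v[0].Substring(7) : null;
        if (token != null && known.Contains(token)) env[UserKey] = scheme + ":" + token;
        else if (token != null && !passThrough) { env["owin.ResponseStatusCode"] = 403; return; }
        await next(env);
    };

    // Terminal check: pass-through is only safe if something at the end still fails closed.
    static readonly AppFunc App = env =>
    {
        env["owin.ResponseStatusCode"] = env.ContainsKey(UserKey) ? 200 : 401;
        return Task.CompletedTask;
    };

    static int Send(AppFunc pipeline, string token)
    {
        var env = new Dictionary<string, object>
        {
            ["owin.RequestHeaders"] = new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
                { ["Authorization"] = new[] { "Bearer " + token } }
        };
        pipeline(env).GetAwaiter().GetResult();
        return (int)env["owin.ResponseStatusCode"];
    }

    static void Main()
    {
        var devUsers = new HashSet<string> { "dev-user-token" };   // constructed sample token
        var idp = new HashSet<string> { "idp-issued-token" };      // constructed sample token
        foreach (var passThrough in new[] { false, true })
        {
            // Order matters: the dev-user middleware gets first crack, the provider stand-in second.
            var pipeline = Bearer(Bearer(App, "idp", idp, true), "dev", devUsers, passThrough);
            foreach (var t in new[] { "dev-user-token", "idp-issued-token", "garbage" })
                Console.WriteLine($"passThrough={passThrough} {t} -> {Send(pipeline, t)}");
        }
    }
}
```

With pass-through off, the token issued by the second provider never reaches it because the first middleware ends the request with 403. With pass-through on, an unrecognised token is rejected only by the terminal check, so a pipeline without one would let the request continue unauthenticated.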
