Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow requiring authentication for all operations #7091

Open
jdemilledt opened this issue Jul 3, 2019 · 5 comments
Open

Allow requiring authentication for all operations #7091

jdemilledt opened this issue Jul 3, 2019 · 5 comments

Comments

@jdemilledt
Copy link

@jdemilledt jdemilledt commented Jul 3, 2019

Describe the problem you are trying to solve
Currently, for methods such as search, cargo does not offer authentication to alternative registries. For companies with private projects, this is an issue.

Describe the solution you'd like
Have a config option (or automatically) to pass Authorization headers to all API functions.

Notes
Adds on to #6843.

@jdemilledt

This comment has been minimized.

Copy link
Author

@jdemilledt jdemilledt commented Jul 4, 2019

I am beginning to program a solution to this.

@ehuss ehuss added the A-registries label Jul 5, 2019
@ehuss

This comment has been minimized.

Copy link
Contributor

@ehuss ehuss commented Jul 5, 2019

This may need an RFC process to move forward, since authentication can be a tricky thing, and different people may have different requirements.

I think ideally the authentication requirements for a registry would be defined in config.json. Just including the token in more requests would be trivial. But there may be more to do, and it would be good if was easy to extend in the future.

cc #6843

@jdemilledt

This comment has been minimized.

@TimDiekmann

This comment has been minimized.

Copy link

@TimDiekmann TimDiekmann commented Sep 13, 2019

This may need an RFC process to move forward, since authentication can be a tricky thing, and different people may have different requirements.

Currently, all methods but search and download passes the authentication token. It's inconsistent to not pass it to those methods, and - as you mentioned - it would be trivial to implement it.

Sure, token based authentication won't fulfill all users need, but when another authentication method will be implemented, the other API methods has to be changed as well and the tokens may be used as default.

@mcorbin

This comment has been minimized.

Copy link

@mcorbin mcorbin commented Dec 12, 2019

I'm also waiting for this feature.
I had to disable authentication for search and download on my alternative registry, which feels a bit strange.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants
You can’t perform that action at this time.