decryption for fetch Authorization #361

Open
NickCarducci opened this issue Nov 7, 2022 · 0 comments

Comments

@NickCarducci

Any API must have its caller with authorization bearer credentials decrypted outside of the scope of the client, and cannot be even sent the results of an encrypting/decrypting service (to protect the API user from theft).

If a private decryption method can hide the result from the public client caller (function), wouldn't a nice proposal be to have a new global fetch method that decrypts the Authorization headers of a W3C fetch request? This way we can have logic on the client (Cloudflare edge service worker tokenize, no redirect nor DigitalOcean second POST needed, perhaps just GET from such a service hosting an API key to be held privately).

Example and pitfall:

Here, the service decrypts instead of the potential new (fetch) private caller (method), but cannot decryption of the Authorization header be called by a method that is private from the client AND the Network tab in Chrome devtools inspect, perhaps only when finally sending to HTTP (as I imagine the code, the data populating devtools happens within the block before return)?
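
The alternative the post mentions, an edge worker that holds the API key privately, sketched as an added example that is not part of the original post or the project's code. The upstream origin, path allowlist, `env.API_KEY` binding name and all function names are assumptions; the browser's request carries no bearer token, so none appears in its Network tab.

```javascript
// Added example: credential injection at the edge. All names are hypothetical.
const UPSTREAM_ORIGIN = "https://api.example.com";        // assumed upstream API
const ALLOWED_PATHS = [/^\/v1\/items(\/[\w-]+)?$/];       // assumed read-only routes
const STRIP_REQUEST_HEADERS = ["authorization", "cookie", "host"];
const PASS_RESPONSE_HEADERS = ["content-type", "cache-control"];

// Build the request sent to the upstream API from the browser's request.
// Returns null when the method or path is outside the allowlist, so the
// worker cannot be used as an open proxy that signs arbitrary calls.
function buildUpstreamRequest(clientRequest, env) {
  if (clientRequest.method !== "GET") return null;
  const url = new URL(clientRequest.url);                 // URL parsing normalises "../"
  if (!ALLOWED_PATHS.some((re) => re.test(url.pathname))) return null;

  const headers = new Headers(clientRequest.headers);
  // Drop anything the client supplied that could override or smuggle credentials.
  for (const name of STRIP_REQUEST_HEADERS) headers.delete(name);
  // The secret is read from the worker's secret binding, never from the client.
  headers.set("Authorization", `Bearer ${env.API_KEY}`);

  return new Request(UPSTREAM_ORIGIN + url.pathname + url.search, {
    method: "GET",
    headers,
  });
}

// Copy only allowlisted headers back, so nothing the upstream echoes about
// the credential reaches the browser.
function sanitizeResponse(upstream) {
  const headers = new Headers();
  for (const name of PASS_RESPONSE_HEADERS) {
    const value = upstream.headers.get(name);
    if (value !== null) headers.set(name, value);
  }
  return new Response(upstream.body, { status: upstream.status, headers });
}

// In a Workers module this object would be the default export.
const worker = {
  async fetch(request, env) {
    const upstreamRequest = buildUpstreamRequest(request, env);
    if (upstreamRequest === null) {
      return new Response("Forbidden", { status: 403 });
    }
    return sanitizeResponse(await fetch(upstreamRequest));
  },
};
```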
