We need to limit access to the write functions to authenticated users inside CSAI for the Argo API. Add OAuth to our Flask server so that any sensitive function that updates the tour graph or image library will be protected. Add a small description to this issue about how to interact with the secured API.
More info about how to make this work, based on some dead ends today: We want to run the OAuth client on the backend, and set a cookie in the browser with HttpOnly set on it; this will protect it (mostly) from XSS attacks. The front end will need to redirect to a special endpoint (something like /authorize), which will redirect the user to GitHub, authenticate them, then redirect back to the API, which will set the cookie, and redirect back to the frontend. I think this is a reasonably secure, not too complicated way of doing this.
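The flow sketched in the comment above, written out as an added example that is not Argo's or CSAI's own code. It is framework-agnostic standard-library Python rather than Flask so it runs without extra dependencies: the `/authorize` and `/callback` handlers are plain functions that return the redirect target and the `Set-Cookie` header a Flask route would emit, the GitHub code-for-token exchange is injected as a callable (the real call to GitHub's token endpoint needs the network), and the origins, client id, cookie name and in-memory stores are constructed placeholders. The `state` parameter and its single-use check are included because the comment's redirect chain is where a forged callback would otherwise be accepted.

```python
"""Backend-held OAuth login with an HttpOnly session cookie (added example, not project code)."""
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlencode, parse_qs

GITHUB_AUTHORIZE_URL = "https://github.com/login/oauth/authorize"
CLIENT_ID = "example-client-id"               # constructed placeholder
API_ORIGIN = "https://api.example.test"        # constructed placeholder: where the Flask API lives
FRONTEND_ORIGIN = "https://app.example.test"   # constructed placeholder: where the browser app lives
SESSION_COOKIE = "argo_session"                # assumed cookie name

# In-memory stores for pending OAuth states and issued sessions (constructed;
# a real deployment would keep these in a server-side store such as Redis).
pending_states = set()
sessions = {}  # opaque session id -> GitHub login


def begin_authorize():
    """/authorize: mint a random, single-use state and return the GitHub redirect URL."""
    state = secrets.token_urlsafe(32)
    pending_states.add(state)
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": f"{API_ORIGIN}/callback",  # GitHub must send the code back to the API, not the frontend
        "scope": "read:user",
        "state": state,
    }
    return f"{GITHUB_AUTHORIZE_URL}?{urlencode(params)}"


def finish_callback(query_string, exchange_code):
    """/callback?code=...&state=...: validate the state, exchange the code, start a session.

    Returns (set_cookie_header_value, redirect_location). exchange_code(code) is the
    injected call to GitHub's token endpoint and must return the authenticated login.
    """
    params = parse_qs(query_string)
    state = params.get("state", [None])[0]
    code = params.get("code", [None])[0]
    if code is None or state is None or state not in pending_states:
        raise PermissionError("unknown, missing or replayed OAuth state")
    pending_states.discard(state)  # single use: a second callback with the same state is rejected
    login = exchange_code(code)

    session_id = secrets.token_urlsafe(32)  # browser only ever sees this opaque id, never the GitHub token
    sessions[session_id] = login

    cookie = SimpleCookie()
    cookie[SESSION_COOKIE] = session_id
    cookie[SESSION_COOKIE]["httponly"] = True   # not readable from page JavaScript
    cookie[SESSION_COOKIE]["secure"] = True     # only sent over HTTPS
    cookie[SESSION_COOKIE]["samesite"] = "Lax"  # not attached to cross-site POSTs
    cookie[SESSION_COOKIE]["path"] = "/"
    header_value = cookie.output(header="").strip()
    return header_value, FRONTEND_ORIGIN + "/"


def current_user(cookie_header):
    """Resolve the session cookie on an incoming request; None when unauthenticated."""
    if not cookie_header:
        return None
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    morsel = cookie.get(SESSION_COOKIE)
    if morsel is None:
        return None
    return sessions.get(morsel.value)


def require_login(handler):
    """Guard for write handlers: run only when the request carries a valid session."""
    def wrapped(cookie_header, *args, **kwargs):
        user = current_user(cookie_header)
        if user is None:
            return 401, "authentication required"
        return handler(user, *args, **kwargs)
    return wrapped


@require_login
def update_tour_graph(user, node_id):
    """Stand-in for a sensitive write route on the tour graph (constructed)."""
    return 200, f"{user} updated node {node_id}"


if __name__ == "__main__":
    url = begin_authorize()
    state = url.rsplit("state=", 1)[1]
    set_cookie, location = finish_callback(f"code=abc123&state={state}", lambda code: "octocat")
    print("Set-Cookie:", set_cookie)
    print("Location:", location)
    sid = set_cookie.split(";")[0].split("=", 1)[1]
    print(update_tour_graph(f"{SESSION_COOKIE}={sid}", "n1"))
    print(update_tour_graph(None, "n1"))
```

In a Flask app each function maps onto one route: `/authorize` returns `redirect(begin_authorize())`, `/callback` calls `finish_callback(request.query_string.decode(), ...)`, sets the returned header on the redirect response, and the write routes check `request.headers.get("Cookie")` through `require_login`. The frontend never handles a token; it only follows redirects and later sends requests with `credentials: "include"`.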