Implement API handlers for downloading resources (reports, recordings, templates) using JWT #718

Closed
andrewazores opened this issue Oct 14, 2021 · 0 comments · Fixed by #719
@andrewazores
Member

cryostatio/cryostat-web#318 (comment)

To improve the UX for browser downloads of resources such as reports, recordings, and templates, there should be a way for a client to request a JWT token associated with a request to download a specific resource. The client can then make a follow-up request using that token to actually download the resource, and on the second request no Authorization/X-JMX-Authorization headers (or any others) should be required - all of the required information is contained within or represented by the JWT. Generating the JWT to begin with should require the user to be authenticated. The user must also pass an authorization check before being able to download the resource - this authorization check should probably happen when the user requests the JWT token. The JWT token generator endpoint therefore must identify the requesting user (by their Authorization header), but must also identify what permissions are required for the requested resource and check that the user is authorized to perform these actions.

@andrewazores andrewazores added the feat New feature or request label Oct 14, 2021
@andrewazores andrewazores self-assigned this Oct 14, 2021
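
The two-step flow described in this issue, as an added Python example that is not Cryostat's code: the token endpoint authorizes an already-authenticated user and mints a short-lived HS256 JWT bound to one resource path, and the download endpoint accepts that token with no other credentials. The key, user names, permission names, paths and 30-second lifetime are constructed assumptions, and the HS256 encoding is written with the standard library so the block runs on its own.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # constructed; a real server generates and protects this
TTL_SECONDS = 30                   # assumed lifetime for a one-off download token
# Constructed policy: permissions each user holds, and what each resource kind requires.
USER_PERMS = {"alice": {"READ_RECORDING", "READ_REPORT"}, "bob": {"READ_TEMPLATE"}}
REQUIRED = {"recordings": "READ_RECORDING", "reports": "READ_REPORT",
            "templates": "READ_TEMPLATE"}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_download_token(user, resource_path, now=None):
    """Step 1: `user` was identified from the Authorization header; authorize, then mint."""
    kind = resource_path.strip("/").split("/")[0]
    needed = REQUIRED.get(kind)
    if needed is None or needed not in USER_PERMS.get(user, set()):
        raise PermissionError(f"{user} may not download {resource_path}")
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps(
        {"sub": user, "resource": resource_path, "exp": now + TTL_SECONDS}).encode())
    return f"{header}.{claims}.{_sign(header + '.' + claims)}"

def authorize_download(token, requested_path, now=None):
    """Step 2: no auth headers; the token alone must prove the grant for this path."""
    try:
        header, claims, sig = token.split(".")
        # Verify the signature before trusting anything inside the token.
        if not hmac.compare_digest(sig, _sign(header + "." + claims)):
            return False
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return False
        body = json.loads(_unb64(claims))
    except (ValueError, TypeError):
        return False
    now = int(time.time()) if now is None else now
    # Reject expired tokens and tokens replayed against a different resource.
    return body.get("exp", 0) > now and body.get("resource") == requested_path
```

Because the second request carries no other credentials, the token's lifetime and its binding to a single resource path are the only limits on what a leaked download URL can fetch.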