[ENH] Support authentication only via OIDC #96

Open
ThoreKr opened this issue May 26, 2021 · 0 comments

ThoreKr commented May 26, 2021

Motivation

Services which do not make use of extended agent features, such as the requirements bazaar, currently employ the anti-pattern of shared, reused passwords which are known to any service which got an access token from the same identity provider.

Furthermore, sending the access token in a separate header could become another threat to the user's privacy, as HTTP agent mechanisms to strip the Authorization header when following redirects are ineffective.

Ideally, to decrease integration efforts and to encourage the use of standard libraries, authentication should be possible through a regular OIDC flow, without the need for additional tweaks and headers.
