This repository has been archived by the owner on Apr 16, 2023. It is now read-only.
[🚀] Authentication/Authorization service for REST controllers (basic) #203
Labels
api
Related to API changes / additions (internal API)
enhancement
New feature or request
feedback wanted
Extra discussion is needed
integration
Related to integration with OS & other projects (external API)
Describe the solution you'd like
Since plugins tend to implement REST controllers to improve accessibility of functions that are already available as commands, we should provide some similar basics here too.
One of those basics would be user Authentication (As in: Does this request originate from a specific user and - if so - from who is it?) and Authorization (As is: Is the actor allowed to peform this action?)
Describe why you would like to see this implemented
As desirable as a full-blown authentication & authorization mechanism would be, we should start somewhere more basic.
The basic needs are defined by these statements:
IUser
(or at leastISubject
). [Authentication]Authorization
header should be used for this and we should start with the non-standardToken
authorization scheme. (SimpleIUser
->IAuthenticationToken
association)The text was updated successfully, but these errors were encountered: