| Re: [che-dev] Authentication token in requests from builder to che |
|
Hi, Could you kindly take a look and reply to my question? Best regards, Tal Sapan | T: +972 9 7779580 |
www.sap.com
From: Sapan, Tal
Hi, I have a question regarding how to pass the authentication token when the builder makes a REST call to Che API. In our scenario we use OAuth 2.0 protocol for authentication. The request from the client to the builder service ("/builder/<workspace id>/build" API) passes the authentication token as an "Authorization: Bearer" header. The builder then fetches information about the workspace by calling che workspace API "/workspace/<workspace id>". In this request we have to pass the authentication token the same way it was received - as "Authorization: Bearer" header. From looking deeper into the code that sends the REST call, it seems that a token taken from the current user is added to the request as a URL parameter, but no headers are added. This happens in other API calls as well (like export etc). Is there currently a way to send the authentication token as a header? If not, would a pull request for adding authentication to a request in a more general way be acceptable (allow the option of sending as a URL parameter, header and maybe cookie as well)? Best regards, Tal Sapan | T: +972 9 7779580 |
www.sap.com
|