Hi,
Could you kindly take a look and reply to my question?
Best regards,
From: Sapan, Tal
Sent: יום ה 02
יולי 2015 18:18
To: 'che-dev@xxxxxxxxxxx'
Subject: Authentication token in requests from builder to che
Hi,
I have a question regarding how to pass the authentication token when the builder makes a REST call to Che API.
In our scenario we use OAuth 2.0 protocol for authentication.
The request from the client to the builder service ("/builder/<workspace id>/build" API) passes the authentication token as an "Authorization: Bearer" header.
The builder then fetches information about the workspace by calling che workspace API "/workspace/<workspace id>".
In this request we have to pass the authentication token the same way it was received - as "Authorization: Bearer" header.
From looking deeper into the code that sends the REST call, it seems that a token taken from the current user is added to the request as a URL parameter, but no headers are added.
This happens in other API calls as well (like export etc).
Is there currently a way to send the authentication token as a header?
If not, would a pull request for adding authentication to a request in a more general way be acceptable (allow the option of sending as a URL parameter, header and maybe cookie as well)?
Best regards,
Tal Sapan | T: +972 9 7779580 |
www.sap.com