A new special "Session" authentication type should be added, where the authentication simply expects a Session to be present; otherwise a 401, or a redirect to login, is returned.
This will help with scenarios where you want either Form, or AzureAD, or Basic authentication - and the user can pick the one they want to use. In this scenario, you'd have 3 login routes that would trigger the appropriate authentication flow, and on success a valid Session will be set on the Request. The Routes can use the Session authentication to verify a valid session, since there's no way to check for any of the 3 above auth methods in a sensible manner - even with the new Merge-PodeAuth, because of OAuth2 redirecting.
My thinking is to just have a new Add-PodeSessionAuth (in Sessions.ps1). This will set up auth to check/grab the session from the pode.sid cookie/header; if it's not there, return 401/redirect to login, and if it is present, set the auth'd user object appropriately.
If sessions are in use, return a 401. If the session has no auth'd user, return a 401 as well.
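The check described in this issue, modelled as a standalone PowerShell function (an added example, not Pode's code and not written by the issue author). Test-SessionAuth, the hashtable shapes used for the request and the session store, and the Auth.User layout are assumptions; only the pode.sid cookie/header name comes from the issue.

```powershell
# Standalone model of the proposed session check; it does not call Pode.
# Test-SessionAuth, the request/store hashtables and Auth.User are hypothetical.
function Test-SessionAuth {
    param(
        [Parameter(Mandatory)] [hashtable] $Request,       # @{ Cookies = @{}; Headers = @{} }
        [Parameter(Mandatory)] [hashtable] $SessionStore,  # session id -> session data
        [string] $LoginUrl                                 # when set, redirect instead of 401
    )

    # Failure result: 401 by default, redirect to login when a URL is configured.
    $deny = @{ Status = 401; Location = $null; User = $null }
    if ($LoginUrl) { $deny = @{ Status = 302; Location = $LoginUrl; User = $null } }

    # 1. Take the session id from the pode.sid cookie, falling back to the header.
    $sid = $Request.Cookies['pode.sid']
    if (-not $sid) { $sid = $Request.Headers['pode.sid'] }
    if (-not $sid) { return $deny }

    # 2. The id must map to a server-side session; a client-supplied id alone proves nothing.
    if (-not $SessionStore.ContainsKey($sid)) { return $deny }
    $session = $SessionStore[$sid]

    # 3. A session that exists but holds no authenticated user is rejected too.
    $user = $session.Auth.User
    if (-not $user) { return $deny }

    return @{ Status = 200; Location = $null; User = $user }
}

# Constructed sample data: one authenticated session, one session with no user.
$store = @{
    'sid-authed' = @{ Auth = @{ User = @{ Name = 'alice' } } }
    'sid-anon'   = @{ }
}
$requests = [ordered]@{
    'no session id'           = @{ Cookies = @{}; Headers = @{} }
    'unknown id (cookie)'     = @{ Cookies = @{ 'pode.sid' = 'sid-forged' }; Headers = @{} }
    'session without user'    = @{ Cookies = @{ 'pode.sid' = 'sid-anon' }; Headers = @{} }
    'authed session (header)' = @{ Cookies = @{}; Headers = @{ 'pode.sid' = 'sid-authed' } }
}
foreach ($name in $requests.Keys) {
    $r = Test-SessionAuth -Request $requests[$name] -SessionStore $store
    '{0,-24} -> {1} {2}' -f $name, $r.Status, $r.User.Name
}
```

Passing `-LoginUrl '/login'` turns the three rejected cases into a 302 with that location instead of a 401.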