Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WebUI] Implement API Token Authentication in WebUI #3598

Open
hamidonos opened this issue Nov 8, 2024 · 0 comments
Open

[WebUI] Implement API Token Authentication in WebUI #3598

hamidonos opened this issue Nov 8, 2024 · 0 comments
Labels
web-ui

Comments

@hamidonos
Copy link
Collaborator

hamidonos commented Nov 8, 2024
edited
Loading

Situation

Currently the API Token is not used for authentication inside the SecHub WebUI.

Wanted

We want to enable API Token authentication so that users can either log in with OAuth2 or API Token.

Solution

  • Add Basic Auth login api to SecHub WebUI
  • Upon login attempt the WebUI Backend calls the SecHub Server to validate the Basic Auth Credentials
  • Make sure the API Token is set in the cookies (encrypted) after successful authentication
  • That way we ensure that the user is not logged out in the next request
  • The cookie should be alive for the 24h (configured by the backend)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
web-ui
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hamidonos