Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add additional HTTP authorization types #2

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Add additional HTTP authorization types #2

wants to merge 5 commits into from

Conversation

mgritter
Copy link
Contributor

@mgritter mgritter commented Jul 9, 2021
edited
Loading

This includes:

  • all registered types from IANA/IETF
  • a mechanism for marking proprietary headers as authorization
  • non-IANA types such as AWS and Microsoft (NTLM) that appear in the Authorization header

@mgritter mgritter requested review from liujed and thatplguy July 9, 2021 19:13
liujed
liujed reviewed Jul 9, 2021
View reviewed changes
proto/api_spec/method.proto
Comment on lines +169 to +172
// An application-specific authorization header, such as
// Github webhook's X-Hub-Signature-256 or X-Hub-Signature,
// *not* carried in "Authorization".
PROPRIETARY_HEADER = 11;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think consumers of the IR currently assume that these authorization types are associated with the Authorization header. We'll need to weed out all the places that make this assumption.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The conversion to/from OpenAPI2/3 will need to be updated, as well as the translation of the IR -> frontend data structures. Maybe the visitors as well, @liujed? Seems doable though.

Copy link
Member

@liujed liujed Jul 9, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As I recall, parts of the GitHub comment generator will need to be updated too. Certainly doable; just need to be careful to examine all the places where we look at these values.

thatplguy
thatplguy approved these changes Jul 9, 2021
View reviewed changes
proto/api_spec/method.proto
Comment on lines +169 to +172
// An application-specific authorization header, such as
// Github webhook's X-Hub-Signature-256 or X-Hub-Signature,
// *not* carried in "Authorization".
PROPRIETARY_HEADER = 11;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The conversion to/from OpenAPI2/3 will need to be updated, as well as the translation of the IR -> frontend data structures. Maybe the visitors as well, @liujed? Seems doable though.

@mgritter mgritter mentioned this pull request Jul 9, 2021
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@liujed liujed liujed left review comments

@thatplguy thatplguy thatplguy approved these changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mgritter @liujed @thatplguy