Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add global access token setting and validation #735

Merged
merged 6 commits into from
Dec 12, 2023
Merged

Add global access token setting and validation #735

merged 6 commits into from
Dec 12, 2023

Conversation

DeflateAwning
Copy link
Contributor

This PR is a feature addition, which allows the addition of a global access token to all endpoints.

This feature is important because it allows implementing a basic security, in cases where the endpoint is routed through a machine-to-machine connection. For example, a Ruby API handles all incoming requests and performs the user permissions validation, and then proxies the requests onto a TiTiler server; no requests from outside the Ruby API should be allowed to access the TiTiler endpoints directly.

Please advise if any changed are required for acceptance of this small feature addition!

@vincentsarago
Copy link
Member

Dear @DeflateAwning

We appreciate the contribution.

Adding Auth on top of titiler application should be done at user level. We see titiler.application module as a demo not as something that should get used in production and specifically if users required auth.

Global access token is pretty weak auth and I don't think it provide real security (IMO) which is why in the documentation we added https://developmentseed.org/titiler/examples/code/tiler_with_auth/ to show how users can implement auth on their own application.

@DeflateAwning
Copy link
Contributor Author

I agree that's it's not cut out for every use case, but I maintain that it's a good method method, in cases where the authentication is handled through another system. Managing two authorization tools when TiTiler is being proxied through another API with authentication is ineffective.

@vincentsarago
Copy link
Member

@DeflateAwning can you resolve the issue to make sure the code works with python 3.8 🙏

@DeflateAwning
Copy link
Contributor Author

Done! Forgot about that old Python3.8/3.9 type hinting syntax

@vincentsarago
Copy link
Member

@DeflateAwning can you run pre-commit 🙏

@DeflateAwning
Copy link
Contributor Author

DeflateAwning commented Dec 11, 2023
edited
Loading

Hmm, I ran all the content in CONTRIBUTING.md before the Docs section, and then ran pre-commit, but there are no changes detected (on the latest version of this code). Is there something I'm missing? Was in Python3.11 venv.

@DeflateAwning
Copy link
Contributor Author

Fixed. I changed 403 to 401 everywhere applicable (including docs).

@vincentsarago vincentsarago merged commit 350da5f into developmentseed:main Dec 12, 2023
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vincentsarago vincentsarago vincentsarago left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@DeflateAwning @vincentsarago