Do not deploy auth-bearer service by default #4692
Comments
rhafer
added a commit
to rhafer/ocis
that referenced
this issue
Sep 28, 2022
The auth-bearer service is currently not needed by ocis. Reva tookens for oidc authenticated clients are currently minted via the auth-machine service. This commit does not completely remove the service as we shoud consider to rework the proxy's oidc middleware to use the auth-bearer service in the future (see owncloud#4701) Fixes: owncloud#4692
rhafer
added a commit
to rhafer/ocis
that referenced
this issue
Sep 28, 2022
The auth-bearer service is currently not needed by ocis. Reva tookens for oidc authenticated clients are currently minted via the auth-machine service. This commit does not completely remove the service as we shoud consider to rework the proxy's oidc middleware to use the auth-bearer service in the future (see owncloud#4701) Fixes: owncloud#4692
73 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Currently the auth-bearer reva-service is not used by ocis (see #4616 for details). All verification for oidc tokens is done by a separate middleware in ocis. Be should not start it by default and remove it from the example deployments.
In the longer might be a good idea to rework the ocis middleware in the proxy to use the auth-bearer service. This would get us rid of quite a bit of redundant functionality. (But would also require some work on the auth-bearer service)
The text was updated successfully, but these errors were encountered: