@pdowler pdowler commented Apr 24, 2025

tweak internal IdentityManager to filter out X509 security methods from original IM

pdowler added 2 commits April 24, 2025 16:14
tweak internal IdentityManager to filter out X509 security methods
from original IM

pdowler commented Apr 25, 2025

HEAD: since clients will see the /cred/generate URL in challenges from other services, I wanted HEAD to work there. From my test deploy:

curl --head https://haproxy.cadc.dao.nrc.ca/cred/generate
HTTP/2 200 
server: OpenCADC/cadc-rest
www-authenticate: Basic realm="https://haproxy.cadc.dao.nrc.ca/cred"
www-authenticate: ivoa_cookie
www-authenticate: ivoa_bearer standard_id="ivo://ivoa.net/sso#tls-with-password", access_url="https://ws-cadc.canfar.net/ac/login", HACK=temporary
www-authenticate: Bearer

Note that the filtering out of cert support in the internal IdentityManager wrapper causes this to not emit ivoa_x509 challenges. I think this is more correct because no one can use a cert to get a new cert for the same identity (yes, internally an admin cert can be used, but there's no way or need to advertise that subtle bit).
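
A check for the behaviour described in the comment above, as an added example that is not part of this PR or of the OpenCADC code base: it parses the `www-authenticate` lines of a HEAD response and reports whether an `ivoa_x509` challenge is advertised and where password logins are directed. The header text is copied from the output quoted above; the function names and the one-challenge-per-line parsing are assumptions of this example.

```python
import re

# Response headers copied from the HEAD output quoted in the comment above.
SAMPLE_HEAD = '''HTTP/2 200
server: OpenCADC/cadc-rest
www-authenticate: Basic realm="https://haproxy.cadc.dao.nrc.ca/cred"
www-authenticate: ivoa_cookie
www-authenticate: ivoa_bearer standard_id="ivo://ivoa.net/sso#tls-with-password", access_url="https://ws-cadc.canfar.net/ac/login", HACK=temporary
www-authenticate: Bearer
'''

# One auth-param: name=token or name="quoted string".
PARAM = re.compile(r'([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')


def parse_challenges(raw_headers):
    """Return [(scheme, {param: value})], one entry per www-authenticate line.

    Assumption: each header line carries a single challenge, as in the sample.
    """
    challenges = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "www-authenticate":
            continue  # status line, other headers
        scheme, _, rest = value.strip().partition(" ")
        params = {}
        for m in PARAM.finditer(rest):
            quoted, token = m.group(2), m.group(3)
            params[m.group(1)] = quoted if quoted is not None else token
        challenges.append((scheme, params))
    return challenges


def advertises_x509(challenges):
    """True if any challenge uses the ivoa_x509 scheme (names are case-insensitive)."""
    return any(scheme.lower() == "ivoa_x509" for scheme, _ in challenges)


def login_endpoints(challenges):
    """access_url values: where a client following the challenge sends credentials."""
    return [p["access_url"] for _, p in challenges if "access_url" in p]


if __name__ == "__main__":
    found = parse_challenges(SAMPLE_HEAD)
    print("schemes:", [scheme for scheme, _ in found])
    print("ivoa_x509 advertised:", advertises_x509(found))
    print("non-https login endpoints:",
          [u for u in login_endpoints(found) if not u.startswith("https://")])
```
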

@andamian andamian left a comment

Copyright years were not updated, but I leave it up to you if you want to do it. If you do, you might also want to put a comment with the reason the cert option is excluded. It looks good otherwise.


pdowler commented Apr 25, 2025

I will fix, especially the comment

@pdowler pdowler merged commit afe8145 into opencadc:main Apr 30, 2025
1 of 2 checks passed