It's already some time ago, but I played around with Ambassador ExtAuth (https://www.getambassador.io/docs/edge-stack/latest/topics/running/services/ext-authz), which limits requests to only authenticated requests, which could move your login to before the application so that you only get the token in the applications, but obviously with more required configuration on the Ambassador side. Never got to the point of including it in anything production-level, but maybe it's worth trying out? There are also some projects around which already cover OIDC, for example (https://github.com/ajmyyra/ambassador-auth-oidc).
ExtAuth protocol. The ExtAuth service receives info about every request through Ambassador and must indicate whether the request is to be allowed or not
Ok, understood. Exactly the reason why we're building the login API.
Can't think of a way to get around that at the moment. Maybe someone from the team or the community might be able to help.
Two ideas come to mind as a starting point: 1/ using service users, 2/ playing around with the iframes (/settings?id=security) -- again, not really recommended.
Ok, let us know how it went. Would actually be interesting to know, because I think there were other people with apps like extensions or games here in the chat.
Re prio: We are currently ca. in the middle of IDP Templates, which is a totally overdue must for us, since many users want an easy way to set up external IDPs (especially non-compliant ones). Directly after that comes the Login-API as the next big-rock item.