CRUD access control #982
-
|
I want to be able to use the CRUD endpoints and have them secured. The documentation around bearer tokens seem to be a work in progress. I've seen some old documentation about jwtSigningToken and also some mentions of it in source code, but haven't been able to make it work yet. Can someone provide an example on how to secure the CRUD endpoints? Thanks. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
This is indeed work in progress, there will be an overhaul of the functionality and documentation for v3.5 (#717). But the basic functionality can be used already, here is an example with Keycloak: cfg.yml auth:
userInfoEndpoint: http://your.keycloak/realms/your.realm/protocol/openid-connect/userinfo
userNameKey: preferred_usernameservice.yml (this is actually the default) accessControl:
enabled: true
publicScopes:
- readYou then need to get a token from Keycloak for a user with the role |
Beta Was this translation helpful? Give feedback.
This is indeed work in progress, there will be an overhaul of the functionality and documentation for v3.5 (#717).
But the basic functionality can be used already, here is an example with Keycloak:
cfg.yml
service.yml (this is actually the default)
You then need to get a token from Keycloak for a user with the role
writeand pass it to ldproxy either viaAuthorization: Bearerheader or viaaccess_tokenparameter.