Write With Authentication Mode #614

Open
theTyke opened this issue Aug 1, 2024 · 4 comments

theTyke commented Aug 1, 2024

Hello everybody,

I'm working for a large public institution in Austria and we recently, for one reason or another, have uncovered the need to provide, in addition to the public and read-only mode, a Write With Authentication Mode, meaning that the POST/PUT/PATCH/DELETE requests are not denied but allowed if you authenticate yourself (in our case preferably with an API Key), whilst the GET requests continue to not require any authentication.

Therefore I'm asking if you would be interested to add this to the codebase as we would be willing to contribute it (the details can be discussed, like if the secret would be provided via application property or stored in any form of data storage etc.) or if we should just do a fork.

Member

kaicode commented Aug 1, 2024

We would love that feature as a contribution. It might make sense to fork the repo first to develop the feature and then make a pull request from there?
I'm sure other users would find that useful when hosting a FHIR terminology server. We have another authentication method when using it as a SNOMED CT authoring server.

kaicode self-assigned this Aug 1, 2024
Author

theTyke commented Aug 1, 2024

Sounds good, we'll fork then for now and pull request as soon as it's done. To make it clean I'll likely pull the Spring Boot data starter into it, providing the possibility to use either an embedded SQLite or an external PostgreSQL for now for storing the API secrets. Regarding which Endpoints are secured in which way, I would go for now with a solution that enables Auth Only as an alternative to Read Only Mode with a possibility to deactivate the protection for the GET Endpoints. That would offer both, those who want to fully protect it and those who only want to protect the Write Endpoints.

If you have any comments/wishes please feel free to write.
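
Added example, not part of the thread and not Snowstorm code: a sketch of the access decision described in the comment above (Auth Only as an alternative to Read Only, with the option to leave GET open). The class name, the status codes, treating HEAD and OPTIONS like GET, and storing only SHA-256 digests of the API keys are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import java.util.Locale;
import java.util.Set;

/** Hypothetical access policy; all names and status codes are assumptions. */
public class WriteAuthPolicy {
    enum Mode { READ_ONLY, AUTH_ONLY }

    // Assumption: HEAD and OPTIONS are treated like GET (the thread only names GET).
    private static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD", "OPTIONS");

    private final Mode mode;
    private final boolean protectReads;   // AUTH_ONLY only: also require a key for reads
    private final List<byte[]> keyHashes; // SHA-256 digests; plaintext keys are never stored

    WriteAuthPolicy(Mode mode, boolean protectReads, List<byte[]> keyHashes) {
        this.mode = mode;
        this.protectReads = protectReads;
        this.keyHashes = keyHashes;
    }

    static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every JVM
        }
    }

    /** Returns the HTTP status a request filter would answer with; 200 means "pass through". */
    int decide(String method, String presentedKey) {
        boolean safe = SAFE_METHODS.contains(method.toUpperCase(Locale.ROOT));
        if (mode == Mode.READ_ONLY) return safe ? 200 : 405; // writes denied outright
        if (safe && !protectReads) return 200;               // open reads, guarded writes
        if (presentedKey == null || presentedKey.isEmpty()) return 401;
        byte[] candidate = sha256(presentedKey);
        boolean match = false;
        for (byte[] stored : keyHashes) {
            match |= MessageDigest.isEqual(stored, candidate); // constant-time, no early exit
        }
        return match ? 200 : 401;
    }

    public static void main(String[] args) {
        List<byte[]> keys = List.of(sha256("constructed-sample-key")); // constructed value
        WriteAuthPolicy policy = new WriteAuthPolicy(Mode.AUTH_ONLY, false, keys);
        for (String[] r : new String[][] {{"GET", null}, {"POST", null}, {"POST", "wrong"}, {"PUT", "constructed-sample-key"}}) {
            System.out.println(r[0] + " key=" + r[1] + " -> " + policy.decide(r[0], r[1]));
        }
    }
}
```

Comparing digests with `MessageDigest.isEqual` and checking every stored key avoids leaking, through response timing, how much of a presented key was correct.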

Author

theTyke commented Aug 1, 2024

Also should master or develop be used as a starting point?

Member

kaicode commented Aug 1, 2024

Please fork from develop because the PR should go to develop. Thanks for checking.
