Closed moebiusband73 closed 12 months ago
Also, the fact that the cookie-based login takes place in Auth and not Login is not optimal. How does the Header JWT login initiate a session?
@ 1) Is the authenticator loop not stopped via ServeHTTP + return as soon as one authenticator succeeds? See

```go
log.Infof("login successfull: user: %#v (roles: %v, projects: %v)", user.Username, user.Roles, user.Projects)
ctx := context.WithValue(r.Context(), ContextUserKey, user)
onsuccess.ServeHTTP(rw, r.WithContext(ctx))
return
```

@ 2) Indeed, we should move the cookie login there as well. Still, we should also check whether there is any hidden reason for the current solution.
@ 3) URL (Crosslogin) Token is set and then further used in Login() at jwt.go:118, if you mean that.
Refactor and document authentication module. Question: Is it on purpose that the authentication is not stopped if an authenticator is successful?
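
The first-success behaviour discussed in this thread, as an added example that is not the project's own code: a chain of authenticators where `onsuccess.ServeHTTP` followed by `return` ends the loop, so the order of the chain decides which identity reaches the handler. `ContextUserKey` and `onsuccess` follow the snippet quoted above; the `Authenticator` type, `Chain`, `Run`, the header names and the credential values are assumptions constructed for the demonstration.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

type ctxKey string
const ContextUserKey ctxKey = "user" // name from the thread; the key type is assumed
type User struct{ Username string }
// Authenticator is a hypothetical shape: nil means "this request is not mine".
type Authenticator func(r *http.Request) *User

// Chain tries the authenticators in order and stops at the first success.
func Chain(auths []Authenticator, onsuccess, onfailure http.Handler) http.Handler {
	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
		for _, auth := range auths {
			if user := auth(r); user != nil {
				ctx := context.WithValue(r.Context(), ContextUserKey, user)
				onsuccess.ServeHTTP(rw, r.WithContext(ctx))
				return // ends the loop: later authenticators never see the request
			}
		}
		onfailure.ServeHTTP(rw, r) // no authenticator accepted the request
	})
}

// Run sends one constructed request through a jwt-then-session chain.
func Run(token, session string) (called []string, status int, who string) {
	users := map[string]*User{"tok-alice": {Username: "alice"}, "sid-bob": {Username: "bob"}} // constructed
	stage := func(name, header string) Authenticator {
		return func(r *http.Request) *User {
			called = append(called, name) // record which authenticators were consulted
			return users[r.Header.Get(header)]
		}
	}
	ok := http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) { who = r.Context().Value(ContextUserKey).(*User).Username })
	deny := http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) { rw.WriteHeader(401) })
	req := httptest.NewRequest("GET", "/", nil)
	req.Header.Set("X-Demo-Token", token)
	req.Header.Set("X-Demo-Session", session)
	rec := httptest.NewRecorder()
	Chain([]Authenticator{stage("jwt", "X-Demo-Token"), stage("session", "X-Demo-Session")}, ok, deny).ServeHTTP(rec, req)
	return called, rec.Code, who
}

func main() { fmt.Println(Run("tok-alice", "sid-bob")) }
```

When both credentials are present, only the first authenticator is consulted and its user is the one placed in the request context.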