We could add some region configuration to let the onyxia administrator choose in the region if some jwt that onyxia ui collect could be injected in the helm charts exposed as a service in the catalog.
For instance:
jwt.kubernetes,
jwt.onyxia,
jwt.minio,
jwt.atlas,
jwt.generique for a generique client in the same realm at least.
This is a first proposal that could be discussed.
[Feature Amelioration]
The jwt are currently in the json payload of the PUT request when the user ask to launch a service over https.
It could be good for a long run like this but for more security as jwt could be a sensitive information we could think about some feature ameliration.
For instance : the jwt could be sign with a public key exposed by onyxia and the onyxia-api could own the private key to decript the jwt.
We could add some region configuration to let the onyxia administrator choose in the region if some jwt that onyxia ui collect could be injected in the helm charts exposed as a service in the catalog.
For instance:
This is a first proposal that could be discussed.
[Feature Amelioration] The jwt are currently in the json payload of the PUT request when the user ask to launch a service over https. It could be good for a long run like this but for more security as jwt could be a sensitive information we could think about some feature ameliration. For instance : the jwt could be sign with a public key exposed by onyxia and the onyxia-api could own the private key to decript the jwt.