a2cps / vbr-app

Virtual Biospecimen Repository Web Service API

Refactor auth endpoint #2

Closed mwvaughn closed 2 years ago

mwvaughn commented 2 years ago

The /auth endpoint currently accepts username/password as a JSON doc and returns a Tapis3 access token. This is not good security practice and is also not a standard pattern for authentication.

mwvaughn commented 2 years ago

This is addressed in 01d799f wherein I have replaced the homegrown form with FastAPI's OAuth2PasswordRequestForm. In addition, I refactored the x_tapis_token dependency to use the OAuth2PasswordBearer scheme. This adds login support to the Swagger Docs UI and also makes the auth subsystem compliant with OAuth2 by accepting Authorization: Bearer $JWT instead of X-Tapis-Token.
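
The wire format the comment above moves to, as an added stdlib-only sketch that is not part of this thread or the vbr-app code: credentials arrive form-encoded at the token endpoint, and the token comes back in on `Authorization: Bearer`, with `X-Tapis-Token` no longer read. The function names, the demo user, the opaque token standing in for the Tapis JWT, and the 415 for JSON bodies are assumptions of this sketch.

```python
import hmac
import secrets
from urllib.parse import parse_qs

# Constructed demo data (assumptions, not taken from vbr-app).
USERS = {"demo": "correct horse"}
ISSUED = set()  # opaque tokens stand in for the Tapis JWT

def token_endpoint(content_type: str, body: bytes):
    """Password-grant token request: form-encoded in, token JSON out."""
    media_type = content_type.split(";")[0].strip().lower()
    if media_type != "application/x-www-form-urlencoded":
        # This sketch's choice: a JSON credential document is refused.
        return 415, {}, {"detail": "credentials must be form-encoded"}
    form = {k: v[0] for k, v in parse_qs(body.decode()).items()}
    if form.get("grant_type", "password") != "password":
        return 400, {}, {"error": "unsupported_grant_type"}
    expected = USERS.get(form.get("username", ""))
    supplied = form.get("password", "")
    # Constant-time comparison; unknown users fail on the second clause.
    ok = hmac.compare_digest((expected or "").encode(), supplied.encode())
    if not (ok and expected is not None):
        return 400, {}, {"error": "invalid_grant"}
    token = secrets.token_urlsafe(32)
    ISSUED.add(token)
    # RFC 6749 section 5.1: token responses must not be cached.
    return 200, {"Cache-Control": "no-store"}, {
        "access_token": token, "token_type": "bearer"}

def bearer_token(headers: dict):
    """Return the token from 'Authorization: Bearer <token>', else None."""
    lowered = {k.lower(): v for k, v in headers.items()}
    scheme, _, param = lowered.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not param.strip():
        return None
    return param.strip()

def protected(headers: dict):
    """A protected route: only the Authorization header is consulted."""
    token = bearer_token(headers)
    if token is None or token not in ISSUED:
        # RFC 6750 section 3: challenge with the Bearer scheme on failure.
        return 401, {"WWW-Authenticate": "Bearer"}, {"detail": "Not authenticated"}
    return 200, {}, {"ok": True}
```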