Problem to solve:
At the moment all Scalelite APIs use the same secret, this means that if you share your secret with someone who wants to connect an application to Scalelite, they also get access to the management APIs. If an attacker gains access to that secret they can do a lot more damage than before, for example by replacing the BBB servers with compromised ones.
Purposed solution:
I think it would be nice to be able to have a different secret for the management APIs.
Considered alternatives:
As a workaround I was able to use a tenant, since the tenant gets extracted from the API request URL you can create a token with the same name as the first part of your Scalelite domain (for example tenant bbb for Scalelite host bbb.example.com) and it will work without requiring subdomains. However this feels a little unstable since this isn't the expected way to use tenants.
Additional context:
The proper way to do this is probably to use tenants but we want to update to 1.5 without changing our Scalelite/BBB endpoint.
Problem to solve: At the moment all Scalelite APIs use the same secret, this means that if you share your secret with someone who wants to connect an application to Scalelite, they also get access to the management APIs. If an attacker gains access to that secret they can do a lot more damage than before, for example by replacing the BBB servers with compromised ones.
Purposed solution: I think it would be nice to be able to have a different secret for the management APIs.
Considered alternatives: As a workaround I was able to use a tenant, since the tenant gets extracted from the API request URL you can create a token with the same name as the first part of your Scalelite domain (for example tenant bbb for Scalelite host bbb.example.com) and it will work without requiring subdomains. However this feels a little unstable since this isn't the expected way to use tenants.
Additional context: The proper way to do this is probably to use tenants but we want to update to 1.5 without changing our Scalelite/BBB endpoint.