Open zhiltsov-max opened 2 years ago
@nmanovic Hey, is this feature implemented in the CVAT backend? If not, can I work on it? It seems pretty interesting to me.
@priyanshu-kun , sure, you can. We had very good proposals for GSoC 2024 for the feature.
@ritikraj26, @umangapatel123, would you mind to share your proposals? If you can help us to contribute the future, CVAT community will be happy.
@nmanovic Sure, I will share my proposal. I am also very much interested in implementing this feature.
@nmanovic, is this feature a GSoC 2024 project? Have you selected a contributor for it? I didn't see this project on the chosen project list on the GSoC'24 CVAT page.
@priyanshu-kun It was a GSoC 2024 Proposed project but due to the project limit for the organization in GSoC, this project was dropped.
@umangapatel123 Ohh, wanna collaborate with me to work upon this issue?
@priyanshu-kun Sure, I am more than happy to do that
fine as soon I got the free time I'll create a proposal, will disucss about that afterward. @umangapatel123
Sure, I would be happy to help !
Current Behaviour
Currently, the only possible way to auth a user is to pass credentials to the server. Password typing can be a potential security problem, also they need to be passed into other tools, if they are going to use API or SDK. Having only the password auth can also weaken the account security.
This will allow to authenticate in API clients when there is no basic auth available (e.g., when SSO is used for login).
Possible Solution
Examples: GitHub Personal Access Tokens (PAT) https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token