felixmosh
commented
1 month ago Hi, I'm not sure I get your use-case, why do you need granular validation? How auth token will provide that?
Open eternalee opened 1 month ago
felixmosh
commented
1 month ago Hi, I'm not sure I get your use-case, why do you need granular validation? How auth token will provide that?
eternalee
commented
1 month ago For example, different users have access to different bull jobs and the auth token may have roles stored inside
felixmosh
commented
1 month ago Ok, but this is exactly what the auth example does... Put a cookie with JWT, and in the middleware check you custom selection, no?
eternalee
commented
1 month ago Yes a cookie implementation works but I think something like how the auth token input is done in Swagger may be a bit more user-friendly, as a suggestion.
felixmosh
commented
1 month ago Swagger is an API docs app, it does make to allow adding an authorization header there.
If you have any specific flow that the board is not supports, I can check if it is relevant for it, or suggest other alternative, auth by default is not part of this lib.
Feature request:
Similar to how Swagger UI Docs have an Authorize button at the top, where the user can paste in a bearer Authorization token into the request headers, is it possible to add an Authorize button to the top of Bull Board? It could popup a modal for the user to paste in a bearer token. Then if it is provided, is it possible for all the subsequent Bull Board requests to include that bearer token in the request headers? I imagine we can then use the BullBoard middleware to check permissions.
The Passport auth example is great but I think this approach would give us more granular job/request-level access validation.
Thank you!