Open finnWellers opened 4 years ago
Maybe we could combine this with or make use of the currently only private API TokenService
If we want to use an external library for this, maybe https://github.com/pac4j/spark-pac4j or https://www.keycloak.org/ might be an option. The former also has explicit support for Spark, which we use as well.
Describe the solution you'd like Add a service to connect a token with users in order to authorize certain endpoints.
oauth 2 support retrieve by command token (if permitted) for a webinterface, can create tokens and store and sscope for applications like via pluginID
Token has permissions of users, but restricted to certain plugins/controllers
otherwise seperate subjects for custom groups and permissions.
Should work via authentication header, something like x-jeak-authentication-header
Describe why you would like to see this implemented This is essential for access control