justtrackio / gosoline

Gosoline is our framework which fuels all of our Golang applications
MIT License

allow restricting available auth options through config #1139

Closed bt-justtrack closed 2 months ago

bt-justtrack commented 2 months ago

The idea here is that we can restrict in the config.dist.yml what authentication options are available. The same can be done with env vars, or we can layer env vars over the config.dist.yml to allow all of them again (e.g. disallow one method by default, and for certain environments it could be turned on again).

In code we would specify our auth handler like this:

```go
auth.NewChainHandler(auth.OnlyConfiguredAuthenticators(config, "default", map[string]auth.Authenticator{
	auth.ByApiKey:    apiKeyAuthHandler,
	auth.ByGoogle:    googleAuthHandler,
	auth.ByBasicAuth: emailAuthHandler,
}))
```

and could restrict them to e.g. just Google and BasicAuth like this in the config.dist.yml:

```yaml
httpserver:
  default:
    auth:
      allowedAuthenticators:
        - google
        - basicAuth
```

All APIKey auths would then result in 401 Unauthorized. This can then be extended to allowing different auth options on different environments through either different config.dist.yml files or env vars.
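The allowlist behaviour described in the comment above, as an added sketch that is not gosoline's code or the PR's implementation. The `Authenticator` type, `onlyConfigured`, `status`, the `apiKey` config name, the header names, and the handling of an absent key, an empty list and an unknown name are all assumptions of this example.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

type Authenticator func(h http.Header) bool // hypothetical stand-in for auth.Authenticator

// onlyConfigured keeps the registered authenticators named in allowed.
// Assumptions: a nil list (key absent) keeps everything, an empty list keeps
// nothing, and an unknown name is an error so a typo cannot silently change the set.
func onlyConfigured(allowed []string, registered map[string]Authenticator) (map[string]Authenticator, error) {
	if allowed == nil {
		return registered, nil
	}
	out := make(map[string]Authenticator, len(allowed))
	for _, name := range allowed {
		a, ok := registered[name]
		if !ok {
			return nil, fmt.Errorf("unknown authenticator %q", name)
		}
		out[name] = a
	}
	return out, nil
}

// status mimics a chain handler: 200 if any enabled authenticator accepts, else 401.
func status(enabled map[string]Authenticator, h http.Header) int {
	for _, a := range enabled {
		if a(h) {
			return http.StatusOK
		}
	}
	return http.StatusUnauthorized
}

// registry holds constructed authenticators; header names and "apiKey" are assumed.
var registry = map[string]Authenticator{
	"apiKey":    func(h http.Header) bool { return h.Get("X-Api-Key") == "constructed-key" },
	"google":    func(h http.Header) bool { return h.Get("X-Id-Token") != "" },
	"basicAuth": func(h http.Header) bool { return strings.HasPrefix(h.Get("Authorization"), "Basic ") },
}

func main() {
	enabled, err := onlyConfigured([]string{"google", "basicAuth"}, registry)
	fmt.Println(status(enabled, http.Header{"X-Api-Key": {"constructed-key"}}), err) // 401 <nil>
}
```

Distinguishing an absent key from an empty list matters when env vars are layered over the file: an override that resolves to an empty list disables every method in this sketch rather than re-enabling all of them.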