Allow access to specific service endpoints without authentication (e.g. for workspaces)

[JNKielmann]

For some services it is required that some of their endpoints are accessible without authentication. A concrete example is the ml-workspace (https://github.com/ml-tooling/ml-workspace). For its "Setup SSH Access" feature it provides a small command that should be run in your local terminal like this:

/bin/bash <(curl -s --insecure "http://localhost:30010/projects/5mmis74ej6oequbchjakb3w0g/services/ctxy-p-5mmis74ej6oequbchjakb3w0g-s-workspace/access/8080b/shared/ssh/setup?token=7397768abbb1d032c1f0947f6b99afc635607a75&host=localhost&port=30010")

However, the curl command fails, as there is no authentication header or cookie set. Do you have any idea on how this problem could be solved? Maybe there could be a way to disable the authentication for specific endpoints in the service configuration or some default /public endpoint is always served with no authentication?

Alternatively, we could also say that this is not supported and instead services like the workspace should be able to pick up the access token from an environment variable and integrate it into the command?

[raethlein]

I am wondering whether it's possible to set the authentication header / cookie in the curl command? I think you get the token in the cookie section of the browser or by login via command line.