Document OPERATOR_TOKEN as required

netlify / gotrue

An SWT based API for managing users and issuing SWT tokens.

https://www.gotrueapi.org

MIT License

3.82k stars 283 forks source link

Document OPERATOR_TOKEN as required #288

Open adam-beck opened 3 years ago

adam-beck commented 3 years ago

- Summary

The documentation does not signal that the OPERATOR_TOKEN is required but the code indeed requires this.

- Test plan

Not Applicable

- Description for the changelog

Update Documentation regarding OPERATOR_TOKEN

- A picture of a cute animal (not mandatory but encouraged)

adam-beck commented 3 years ago

Unless I'm missing something (and I'm very new to Golang), it appears this line makes the OPERATOR_TOKEN required regardless if in multi-instance mode or not. I didn't see any way GlobalConfiguration wouldn't be used.

kangmingtay commented 3 years ago

Is there a reason why the OPERATOR_TOKEN is used to sign the token here instead of JWT_SECRET? It seems like regardless of whether gotrue is set to multi-instance mode or not, we use the operator token to sign the token when authenticating via external providers.

Thanks!