Enable Token Authorization by default

pytorch / serve

Serve, optimize and scale PyTorch models in production

https://pytorch.org/serve/

Apache License 2.0

4.17k stars 845 forks source link

Enable Token Authorization by default #3163

Closed udaij12 closed 3 months ago

udaij12 commented 4 months ago

Description

Setting token authorization by default #3157

Users can disable using environment variables, command line, or with config.properties. Check Documentation for examples

Tests

Updating all existing tests to disable token authorization except for token authorization tests in pytest

udaij12 commented 4 months ago

Why not enable the token authentication plugin by default to avoid big code changes and copying/pasting Token class?

I feel that if we are implementing token authorization as default it makes sense to integrate it into the frontend rather than as an external plugin as there is no need for that. It would also make future changes painful since we would have to build the plugin jar and publish to maven. It makes sense to integrate and remove the plugin completely so rather then duplication of code its just moving.

udaij12 commented 3 months ago

Can you add test for the priority b/w config file vs cmd, especially for the negative test cases (eg. conflict setting)?

Added the test and added more clarification in the docs.

udaij12 commented 3 months ago

Added new tests

generating new tokens once expired
priority with env, cmd, and config properties
priority with env and cmd