reanahub / reana-server

REANA API server
http://reana-server.readthedocs.io/
MIT License

Protecting REST endpoints with access tokens and/or JWTs #77

Closed dinosk closed 5 years ago

dinosk commented 6 years ago

The endpoints that will be queried from the UI will require a valid JWT, which is provided when a user logs in with a valid username (email) and password (access token for now). Currently, these endpoints are expecting an access token. In order to maintain both methods, we would need to identify the origin of the requests: UI -> JWT, API -> access token.

... Or we could even consider dropping the access tokens entirely, and add a reana-client login --email ... --password ... command (relevant auth0.com blog post). There are a few challenges here: one I can see would be passing a JWT in the OpenAPI requests (which is possible); another would be finding an elegant way of storing the JWT on the user machine after it is attained (we could perhaps show a #export JWT=.... message similar to reana-cluster env).

diegodelemos commented 5 years ago

Closed by https://github.com/reanahub/reana-server/pull/160. We use the session cookie for browser clients and tokens for CLI clients.
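An added example (not reana-server code, and not the approach merged in the pull request above) of the dual scheme proposed at the top of this issue: one endpoint guard that accepts a JWT from the UI or an access token from an API client. The `Authorization: Bearer` header, the `access_token` parameter name, the HS256 key and the token store are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 key known only to the server
ACCESS_TOKENS = {"constructed-cli-token": "jane@example.org"}  # constructed sample store

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def issue_jwt(email, ttl=3600, now=None):
    """Mint an HS256 JWT after a successful login (UI path)."""
    now = int(time.time()) if now is None else now
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"sub": email, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def verify_jwt(token, now=None):
    """Return the subject, or None if the JWT is malformed, forged or expired."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":  # pin the algorithm, rejects "none"
            return None
        want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, b64d(sig)):  # constant-time signature check
            return None
        claims = json.loads(b64d(body))
        return claims["sub"] if claims["exp"] > now else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def authenticate(headers, args):
    """Identify the caller: UI -> JWT in the header, API -> access_token parameter."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Bearer "):  # a presented JWT must verify; no fallback to the token path
        user = verify_jwt(auth[len("Bearer "):])
        return (user, "jwt") if user else (None, None)
    supplied = args.get("access_token", "")
    for known, user in ACCESS_TOKENS.items():
        if hmac.compare_digest(known.encode(), supplied.encode()):
            return user, "access_token"
    return None, None
```

A request that presents a broken JWT is rejected even if it also carries a valid access token, so the two credential types cannot be mixed to bypass the stricter check.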