xwikisas / application-onlyoffice-connector

Edit attachments with OnlyOffice
GNU Lesser General Public License v2.1

Secure connection to OnlyOffice using a JSON Web Token (JWT) #23

Closed ldubost closed 7 months ago

ldubost commented 2 years ago

It seems OnlyOffice has a JWT Token configuration which would allow limiting usage of an OnlyOffice server to specific users:

Local install: See https://api.onlyoffice.com/editors/signature/

Docker version: https://helpcenter.onlyoffice.com/installation/docs-community-install-docker.aspx

See:

- JWT_ENABLED: Specifies the enabling the JSON web token validation by ONLYOFFICE Docs. Defaults to false.
- JWT_SECRET: Defines the secret key to validate the JSON web token in the request to ONLYOFFICE Docs. Defaults to secret.
- JWT_HEADER: Defines the HTTP header that will be used to send the JSON web token. Defaults to Authorization.
- JWT_IN_BODY: Specifies the enabling the token validation in the request body to the ONLYOFFICE Docs. Defaults to false.

This token can be passed by session in header or in body:

- https://api.onlyoffice.com/editors/signature/request
- https://api.onlyoffice.com/editors/signature/body

We should check if we can implement this.

trrenty commented 7 months ago

The issue was fixed as a result of #40. Now, the JWT_SECRET needs to be filled in the administration section in order to support OnlyOffice document servers that have JWT enabled.

I created #42 as an extension to this issue.
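
An added example, not the connector's own code and not part of either comment above: how a shared-secret JWT check along the lines of the JWT_SECRET / JWT_HEADER / JWT_IN_BODY settings could look on the side that receives a request. The HS256 algorithm, the `Bearer ` prefix, the `token` body field and all function names are assumptions made for illustration; the secret and payload are constructed sample values.

```python
import base64, hashlib, hmac, json

DEFAULT_SECRET = "secret"  # JWT_SECRET default quoted in the issue

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def check_secret(secret: str) -> str:
    # An empty or default secret means anyone who read the docs can sign tokens.
    if not secret or secret == DEFAULT_SECRET:
        raise ValueError("JWT secret is empty or still the documented default")
    return secret

def sign(payload: dict, secret: str) -> str:
    # Assumption: HMAC-SHA256 (HS256) with the shared secret.
    head = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (head, payload))
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def verify(token: str, secret: str) -> dict:
    head_b64, body_b64, sig_b64 = token.split(".")  # ValueError unless 3 parts
    header = json.loads(b64url_decode(head_b64))
    # Pin the algorithm: never let the token choose it (rejects "alg": "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected or missing alg")
    expected = hmac.new(secret.encode(), f"{head_b64}.{body_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):  # constant time
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(body_b64))

def extract_token(headers: dict, body: dict,
                  header_name: str = "Authorization", in_body: bool = False) -> str:
    # Mirrors JWT_HEADER / JWT_IN_BODY: read the token only from the configured place.
    if in_body:
        token = body.get("token")  # assumed field name
    else:
        value = headers.get(header_name, "")
        token = value[len("Bearer "):] if value.startswith("Bearer ") else None
    if not token:
        raise ValueError("request carries no token in the configured location")
    return token

if __name__ == "__main__":
    secret = check_secret("constructed-example-secret")
    tok = sign({"key": "doc-1", "status": 2}, secret)  # constructed payload
    print(verify(extract_token({"Authorization": f"Bearer {tok}"}, {}), secret))
```
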