Support sending custom headers (e.g. session token) in requests from Isso JS client #812
Comments
ix5
added
server
|
Thanks for tagging @ix5 - just a note: AFAIK this does not necessarily affect the server side at all. Now I did it by hacking Anyway is for custom server side usage and not just a front UI issue or so, that's true. |
|
All I can say on this topic is that this is a prime example for the need for an extension system, both on the client and on the server. See #813 For example in the |
Hi - am using external authentication for users with Isso, because we embedded Isso in a system where already had user info, auth and sessions using bearer tokens.
For the Isso client side requests, like posting a new comment, I needed to add the session token to the requests. I hacked this in one way sort of ok way that works for us, by adding new Isso client param
bearer-token-cookiewith the name of a cookie. If that is defined,isso/js/app/api.jssets the value of that cookie to the bearer-token header. The commit for that is antont@c2fe703 (with some little fixes in later ones).Support for this would be nice to have in Isso upstream, but I figure this would not be the way, but something more generic could do it.
For example, there could be a setting with custom header name, and the name of a client side getter function, that would work for setting any header with whatever logic.
Or perhaps the client lib could provide some way to register a some decorator / callback for customizing requests, in
api.js?Am also open to other proposals. Am doing the actual authentication in a fastapi app, with fastapi-users, where I have a proxy for the Isso API where intercept the requests and inject username, planning to set the avatar there too, and perhaps do other feats related to auth. This is related to the discussion in #240 but a different topic, in my case it seems that simply supporting custom headers in the client would allow using external user auth.
The text was updated successfully, but these errors were encountered: