Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authentication and Authorization flow end to end working in Zally #1369

Open
harpreet86 opened this issue Mar 11, 2022 · 3 comments
Open

Authentication and Authorization flow end to end working in Zally #1369

harpreet86 opened this issue Mar 11, 2022 · 3 comments
Assignees
@tkrop
Labels
area: web UI Zally web interface issues question

Comments

@harpreet86
Copy link

Hello Guys,

Please suggest if Zally has the documentation page to see how the authentication will work end to end including web-ui and server side.
Unfortunately, I am not able to find so.

I found authentication related stuff only at got the link for web-ui component only at: https://github.com/zalando/zally/tree/main/web-ui

My understanding till the time is that:
We need a separate server for authentication and its URL needs to be configured in web-ui and server both.
The authentication server needs to expose the endpoints as mentioned at https://github.com/zalando/zally/tree/main/web-ui

I am not clear about what type of response is expected from the tokenInfoUrl to be configured in the server.
How authorization will be handled by Zally for the token.

Please suggest.
@harpreet86
Copy link
Author

Any updates?

@tkrop
Copy link
Member

tkrop commented Apr 8, 2022

Hi @harpreet86, sorry for the late response.

Unfortunately, it is out of scope for us to invest into the Zally Web UI and especially into end-to-end authorization.

Zalando uses a custom OAuth that is not working for others and therefore was never contributed to the open source project. However, we have started to migrate the Zally Web UI into a Backstage plugin and hope that we can open source this soon. When we have added a guide or template on how to setup a standalone server based on Backstage, we will start discontinuing the Zally Web UI in this repository.

Until than you are welcome to contribute or/and create a clone with your improvements.

@tkrop
Copy link
Member

tkrop commented Apr 8, 2022
edited

Sorry, and to answer your question: The Zally Web UI is not supporting OAuth 2.0 authentication at all - so there is also no documentation.

Opposite as stated in the API specification the Zally Server does also not support OAuth 2.0 but bearer tokens. It always was supporting bearer tokens, but when we created the first API using Open API spec 2.0 for it, there was no way to describe this correctly. Unfortunately, we failed to update the API spec when it got available. I will picky-bag this with the next dependency upgrade.

@tkrop tkrop added question area: web UI Zally web interface issues labels Apr 8, 2022
@tkrop tkrop self-assigned this Apr 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tkrop tkrop

Labels
area: web UI Zally web interface issues question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@harpreet86 @tkrop