Only Basic authentication?



  • The api description states that authentication should be done using Basic authentication. This means that the token that gets sent only changes when the user or password is changed.

    Aren't you afraid that this way this information can leak causing people to access reports they're not allowed to and/or consuming someone else's credits?

    Are there any plans to set up an authentication mechanism that has a limited token lifetime, like OAuth 2.0 (with client credentials flow)?

    Thanks,
    Sander



  • Please join the conversation here - https://github.com/jsreport/jsreport/issues/274

    @bjrmatos Is currently finalizing support for OpenID and single sign on.
    He has done quite deep analysis about OAuth 2 in jsreport there as well.


Log in to reply
 

Looks like your connection to jsreport forum was lost, please wait while we try to reconnect.