Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Genesys Backend Genesys Backend
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 25
    • Issues 25
    • List
    • Boards
    • Service Desk
    • Milestones
  • Deployments
    • Deployments
    • Releases
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • Genesys PGR
  • Genesys BackendGenesys Backend
  • Issues
  • #433
Closed
Open
Created Apr 08, 2019 by Matija Obreza@mobrezaOwner

Access token as Cookie

The /proxy handler in expressjs (https://gitlab.croptrust.org/genesys-pgr/genesys-ui/blob/master/server/middleware/httpProxy.ts#L18-25) checks request cookies for access_token and converts it to Authorization: Bearer ... HTTP header before forwarding the request to the API server.

Servlet

We need the API server to respect the access_token cookie, not just the Authorization HTTP request header. Maybe Spring Security libraries allow for this. If not, we need a servlet that is processed before OAuth auth servlets in the API that converts the cookie to the Authorization: Bearer ... header.

When this is implemented, we can remove the /proxy handler from genesys-new-ui project and update all HTTP links that start with /proxy/** to point to API URL directly.

Edited Apr 08, 2019 by Matija Obreza
Assignee
Assign to
Time tracking