-
Notifications
You must be signed in to change notification settings - Fork 140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authentication and Authorization flow end to end working in Zally #1369
Comments
Any updates? |
Hi @harpreet86, sorry for the late response. Unfortunately, it is out of scope for us to invest into the Zally Web UI and especially into end-to-end authorization. Zalando uses a custom OAuth that is not working for others and therefore was never contributed to the open source project. However, we have started to migrate the Zally Web UI into a Backstage plugin and hope that we can open source this soon. When we have added a guide or template on how to setup a standalone server based on Backstage, we will start discontinuing the Zally Web UI in this repository. Until than you are welcome to contribute or/and create a clone with your improvements. |
Sorry, and to answer your question: The Zally Web UI is not supporting OAuth 2.0 authentication at all - so there is also no documentation. Opposite as stated in the API specification the Zally Server does also not support OAuth 2.0 but bearer tokens. It always was supporting bearer tokens, but when we created the first API using Open API spec 2.0 for it, there was no way to describe this correctly. Unfortunately, we failed to update the API spec when it got available. I will picky-bag this with the next dependency upgrade. |
Hello Guys,
Please suggest if Zally has the documentation page to see how the authentication will work end to end including web-ui and server side.
Unfortunately, I am not able to find so.
I found authentication related stuff only at got the link for web-ui component only at: https://github.com/zalando/zally/tree/main/web-ui
My understanding till the time is that:
We need a separate server for authentication and its URL needs to be configured in web-ui and server both.
The authentication server needs to expose the endpoints as mentioned at https://github.com/zalando/zally/tree/main/web-ui
I am not clear about what type of response is expected from the tokenInfoUrl to be configured in the server.
How authorization will be handled by Zally for the token.
Please suggest.
The text was updated successfully, but these errors were encountered: