Support sending custom headers (e.g. session token) in requests from Isso JS client #812
Labels
client
(Javascript) client code and CSS
feature
needs-decision
Architectural/Behavioral decision by maintainers needed
server
(Python) server code
Milestone
Hi - am using external authentication for users with Isso, because we embedded Isso in a system where already had user info, auth and sessions using bearer tokens.
For the Isso client side requests, like posting a new comment, I needed to add the session token to the requests. I hacked this in one way sort of ok way that works for us, by adding new Isso client param
bearer-token-cookie
with the name of a cookie. If that is defined,isso/js/app/api.js
sets the value of that cookie to the bearer-token header. The commit for that is antont@c2fe703 (with some little fixes in later ones).Support for this would be nice to have in Isso upstream, but I figure this would not be the way, but something more generic could do it.
For example, there could be a setting with custom header name, and the name of a client side getter function, that would work for setting any header with whatever logic.
Or perhaps the client lib could provide some way to register a some decorator / callback for customizing requests, in
api.js
?Am also open to other proposals. Am doing the actual authentication in a fastapi app, with fastapi-users, where I have a proxy for the Isso API where intercept the requests and inject username, planning to set the avatar there too, and perhaps do other feats related to auth. This is related to the discussion in #240 but a different topic, in my case it seems that simply supporting custom headers in the client would allow using external user auth.
The text was updated successfully, but these errors were encountered: