Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support "Authorization" header in import #255

Open
fkusei opened this issue Oct 7, 2024 · 3 comments · May be fixed by #256
Open

Support "Authorization" header in import #255

fkusei opened this issue Oct 7, 2024 · 3 comments · May be fixed by #256

Comments

@fkusei
Copy link

fkusei commented Oct 7, 2024
edited
Loading

In

tracker/src/Application/Controller/Import.php

Lines 457 to 462 in a1757f5

case 'header':
$client->addHeader(
'Authentication',
(isset($import['auth_header']))? $import['auth_header'] : ''
);
break;
we have support for the "Authentication" header. Most newer applications use the "Authorization" header instead.

The tracker should also have support for that header.
@a-tze
Copy link
Collaborator

a-tze commented Oct 7, 2024

Please keep in mind that the authentication scheme is custom-made, and not following some standard, e.g. bearer token or JWT. So there is possibly no point in using a standardized header name that 3rd party can send, if the header content cannot be produced correctly by that 3rd party software.

Additionally, the name "Authentication" is more correct, as the header only proofs "who" the client is, not what the client is allowed to do (in contrast to modern API tokens and such). IIRC this was one of the reasons for choosing that particular header name.

IMO you should clarify if you just find the name unsuitable or if you think the tracker should support a standard authentication/authorization mechanism like JWT.

@fkusei
Copy link
Author

fkusei commented Oct 7, 2024

I believe you misunderstood. This issue is about using the "Authorization" header when requesting the schedule.xml for importing the Fahrplan into the tracker :)

(I'm happy to provide a pull request for that later in the week)

@a-tze
Copy link
Collaborator

a-tze commented Oct 7, 2024

Ahh it's outgoing - okay, the code snippet was too short to see that. That is 100% useful of course.

Kunsi added a commit to Kunsi/crs-tracker that referenced this issue Oct 19, 2024
@Kunsi
Import: support "Authorization" header as well
244893d 
This is used (for example) by pretalx to access the schedule if it is set
to not be available publicly.

This fixes crs-tools#255
@Kunsi Kunsi linked a pull request Oct 19, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Import: support "Authorization" header as well Kunsi/crs-tracker
2 participants
@a-tze @fkusei