Comments (4)
So as far as I understand it, Authelia uses session cookies to pass through clients to the upstream app, while at the same time providing the app with some trusted identity.
I don't think I'd be able to grab these cookies from an isolated webview at all, and even then I'd have to grab ALL cookies and always send them with all API requests, which I'm not sure is something the app should do.
OTOH, as far as I understand it, excluding /api from Authelia might be acceptable, other applications seem to have this same issue with Authelia, and I've seen this approach recommended. This could be combined with a "nice" way of grabbing the token through a webview.
Thoughts @hendrik1120, @RefineryX?
from swift-paperless.
Yes, you can't get the authelia cookies. These two issues are actually not related; I was about to comment about that.
@RefineryX you actually need to bypass the api, there is no other way. Since you can authenticate against the api, your authelia protection is now limited to vulnerabilities in the paperless login form/site, not the api endpoint.
My issue is more about the general login into paperless. If they change or add other authentication methods like oidc, the app can't use any of that. I am pretty sure that you can get the django session cookie from paperless, but this needs some work from the maintainers to return it in the request for you. Like nextcloud, you could then basically install any auth plugin and all apps would still work.
In my case, authelia is basically bypassed but still handles authentication via the back channel.
from swift-paperless.
Ok, understood and agreed.
Indeed there would need to be some way to obtain the token via redirect after a web-based login to paperless. I don't currently have bandwidth to try to add this to paperless myself, but I agree this would be excellent, especially if OIDC gets merged!
from swift-paperless.
Please also consider the cases where people have no password set up.
from swift-paperless.