From daa64dcfabcf4f8e2efccf05fcaf6f6ee68601fe Mon Sep 17 00:00:00 2001 From: Patrik Oldsberg Date: Tue, 30 Jan 2024 13:50:15 +0100 Subject: [PATCH] beps/0003: add goal to implement some obo flow Signed-off-by: Patrik Oldsberg --- beps/0003-auth-architecture-evolution/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/beps/0003-auth-architecture-evolution/README.md b/beps/0003-auth-architecture-evolution/README.md index ba9ffd5ae4..cc076acae1 100644 --- a/beps/0003-auth-architecture-evolution/README.md +++ b/beps/0003-auth-architecture-evolution/README.md @@ -52,6 +52,7 @@ The following goals are the primary focus of this BEP: - Cookie-based authentication of requests for static assets that protects against CSRF attacks and does not unnecessarily expose user tokens. - Basic improvements to the service-to-service auth service interfaces such that we are confident that we do not need to break them in the near future. - If possible we will keep using the existing symmetrical keys that are used today, but it is likely that we will need to break compatibility of existing tokens. + - Encapsulation of user credentials in upstream service requests, avoiding the pattern where backend plugins re-use the user token directly for their outgoing requests. ### Non-Goals