Hi,
I have a question regarding how to pass the authentication token when the builder makes a REST call to Che API.
In our scenario we use OAuth 2.0 protocol for authentication.
The request from the client to the builder service ("/builder/<workspace id>/build" API) passes the authentication token as an "Authorization: Bearer" header.
The builder then fetches information about the workspace by calling che workspace API "/workspace/<workspace id>".
In this request we have to pass the authentication token the same way it was received - as "Authorization: Bearer" header.
From looking deeper into the code that sends the REST call, it seems that a token taken from the current user is added to the request as a URL parameter, but no headers are added.
Is there currently a way to send the authentication token as a header?
If not, would a pull request for adding authentication to a request in a more general way be acceptable (allow the option of sending as a URL parameter, header and maybe cookie as well)?
Best regards,
Tal Sapan | T: +972 9 7779580 |
www.sap.com