Optional public evaluate route #1351
Comments
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Re-open?
Yeah we def want to figure out a way to accomplish this that perhaps doesn't only limit to the
FYI we are tackling this with the work done to solve #368. Should be out within the next two weeks or so for anyone interested to try. Will keep this issue updated as well.
Awesome! Thanks for the great work so far and keeping this up to date :)
Problem
We would like to use Flipt as a general feature-flag service. So both frontend/backend services will want to evaluate their flags.
The management dashboard will be secured using SSO.
However, when you enable authentication, it is enabled for all routes... meaning no flags can be evaluated anymore without providing proper authentication. When using a static token, you immediately provide access to the whole CRUD API.
For a frontend project, we cannot simply set a static token on the frontend side, so we would have to proxy all the requests and attach the token somewhere else.
The whole discussion can be read here.
Ideal Solution
As mentioned in the discussion, a more granular token-based auth system is on the roadmap; however, we're not there yet.
The solution I propose for this kind of use case is to create another setting that toggles public access to the `evaluate` endpoint. That way new flags can be securely created and managed using SSO, and all services are allowed to evaluate their flags (which don't cause any risk).
Example implementation
Let me know what you think.
Thanks!
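The toggle proposed above, sketched as a Go HTTP middleware. This is an added illustration, not Flipt's code: the evaluate route prefixes, the config field names, and the sample token are assumptions. Management routes always require the static bearer token; evaluate routes are let through unauthenticated only while the toggle is on.

```go
package main

import (
	"crypto/subtle"
	"net/http"
	"net/http/httptest"
	"strings"
)

// AuthConfig models the proposal: management API always authenticated,
// plus a toggle that opens only the evaluate endpoint. Names are hypothetical.
type AuthConfig struct {
	StaticToken      string
	PublicEvaluation bool
}

// Assumed evaluate paths; everything else is the management (CRUD) API.
func isEvaluateRoute(path string) bool {
	return strings.HasPrefix(path, "/api/v1/evaluate") || strings.HasPrefix(path, "/api/v1/batch-evaluate")
}

// RequireAuth passes evaluate routes unauthenticated only when PublicEvaluation
// is set; all other routes need the static bearer token (constant-time compare).
func RequireAuth(cfg AuthConfig, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if cfg.PublicEvaluation && isEvaluateRoute(r.URL.Path) {
			next.ServeHTTP(w, r)
			return
		}
		tok := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
		if tok == "" || subtle.ConstantTimeCompare([]byte(tok), []byte(cfg.StaticToken)) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// StatusFor sends one request through the middleware and returns the status code.
func StatusFor(cfg AuthConfig, method, path, token string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	req := httptest.NewRequest(method, path, nil)
	if token != "" {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	rec := httptest.NewRecorder()
	RequireAuth(cfg, ok).ServeHTTP(rec, req)
	return rec.Code
}
```

With the toggle off, an unauthenticated evaluate request gets the same 401 as any management call, which is the behaviour the issue describes today.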