Fix handling of Zope root users #412
@tisto @sneridagh This one is ready for a final review. Can you check if it fixes your issues? I'm pretty sure it fixes #127 and #168, but I'm not sure I understand #178 correctly.
@buchi thank you! We will look into it during this week.
LGTM. @sneridagh could you check tomorrow if that fixes our issues? If that's the case go ahead and merge.
Do not login users that are found in an acl_users folder without a JWT plugin.
Make sure every JWT PAS plugin uses a unique signing secret by appending its path to the secret.
Also refactor token decoding.
Another approach to fix #178, #127, #168
Obsoletes #378
The @login endpoint now checks for an installed JWT plugin in the acl_users folder where the user logging in has been found.
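
The following is an added illustration, not code from this pull request or from plone.restapi, of what appending the plugin's path to the signing secret achieves: two plugins that share one base secret end up with different HMAC keys, so a token issued by one is rejected by the other. The `JWTPlugin` class, the plugin paths and the secret are constructed for the example, and token expiry is left out.

```python
import base64, hashlib, hmac, json

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class JWTPlugin:
    """Hypothetical stand-in for a JWT PAS plugin located at `path`."""

    def __init__(self, path: str, shared_secret: bytes):
        self.path = path
        # Per-plugin key: the shared secret with the plugin's path appended.
        self._key = shared_secret + path.encode()

    def _sign(self, signing_input: str) -> str:
        mac = hmac.new(self._key, signing_input.encode(), hashlib.sha256)
        return _b64(mac.digest())

    def create_token(self, userid: str) -> str:
        header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        payload = _b64(json.dumps({"sub": userid}).encode())
        signing_input = f"{header}.{payload}"
        return f"{signing_input}.{self._sign(signing_input)}"

    def decode_token(self, token: str):
        """Return the claims, or None if this plugin did not sign the token."""
        try:
            header, payload, signature = token.split(".")
            # Accept only the algorithm this plugin issues.
            if json.loads(_unb64(header)).get("alg") != "HS256":
                return None
            expected = self._sign(f"{header}.{payload}")
            if not hmac.compare_digest(expected, signature):
                return None
            return json.loads(_unb64(payload))
        except (ValueError, TypeError, AttributeError):
            return None  # malformed token

# Constructed sample data: one plugin in the Zope root, one in a site.
SHARED = b"constructed-shared-secret"
root_plugin = JWTPlugin("/acl_users/jwt_auth", SHARED)
site_plugin = JWTPlugin("/Plone/acl_users/jwt_auth", SHARED)
root_token = root_plugin.create_token("admin")

if __name__ == "__main__":
    print("root accepts its own token:", root_plugin.decode_token(root_token))
    print("site accepts root's token: ", site_plugin.decode_token(root_token))
```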