Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pass Vault token back to requesting application instead of storing it in browser session #360

Open
sichen1234 opened this issue Nov 8, 2021 · 0 comments
Open

pass Vault token back to requesting application instead of storing it in browser session #360

sichen1234 opened this issue Nov 8, 2021 · 0 comments
Assignees
@Zzocker
Labels
mentorship-cactus

Comments

@sichen1234
Copy link
Contributor

Please change the vault identity UI authorization screen to pass the Vault token back to the requesting application instead of storing it in the browser session. This is the standard process for OAuth that we should also follow.

The vault identity UI authorization screen should take as parameters:

  • Name of calling application
  • Return URL with string ${vaultToken}

It should then ask the user to authenticate by saying "Please authenticate access for ${Name of calling application}." Once the user authenticates, it should return the Vault token as a parameter of the ${return url} , replacing ${vaultToken} with the actual vault token.

Vault token should no longer be stored in browser session storage.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Zzocker Zzocker

Labels
mentorship-cactus
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sichen1234 @Zzocker