Skip to content
Snippets Groups Projects
Closed option to allow anonymous API requests regardless of auth provider
  • View options

    • option to allow anonymous API requests regardless of auth provider

  • View options
    • Closed Issue created by Warren Gifford

    Created by: slimsag

    Today, it is only possible to allow anonymous API requests on a Sourcegraph instance (i.e. without specifying a token) when using "auth.public": true, but this option only works with the builtin auth provider and not the http-header or others.

    In some deployments it is desirable to use http-header or similar so that user accounts are not separately stored in Sourcegraph, but still allow anonymous API requests for e.g. ease of writing internal tooling without making use of access tokens.

    Proposal: add an "auth.public-api": true option which works regardless of auth provider type in use.

    I am optimistically tagging for 3.3, but this issue could be deferred to 3.4 if needed since this is a security related issue and all such changes have to be done right.

    Activity

    • All activity
    • Comments only
    • History only
    • Newest first
    • Oldest first