-
Requirement
-
Resolution: Unresolved
-
Major
-
Labs Workbench - Beta
-
None
When Basic Auth is enabled, APIs that do not expect a layer of Basic Auth over their own built-in authentication will fail with a "401 Unauthorized".
Services that will almost certainly encounter this same problem:
- Clowder + Extractors
- Clowder + ToolManager
- Dataverse + TwoRavens
- Dataverse + ToolManager
- HTTP Tunnel (Chisel)
With NDS-643, we are now respecting authRequired===false on specs by default, but the user can still enable Basic Auth manually and in doing so prevent their instance from functioning properly. We should discuss how to handle cases such as these in the long term.
This ticket is complete when we have:
- discussed how we plan to support Basic Auth over services that are unaware of its presence
- either:
- implemented new logic in the platform that can generically handle ignoring HTTP Basic Auth for internal requests (for example: some DNS to retrieve the internal IPs of services)
- OR
- implemented new logic in the UI that will prevent the user from enabling auth on these services (inadvisable, as ToolManager has no other inherent auth)