-
-
Notifications
You must be signed in to change notification settings - Fork 299
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FR] Allow authenticating via session cookie
+ csrf key
& csrf token
#1098
Labels
type:feature
Changes add a new feature
Comments
kiprasmel
changed the title
[FR] Allow authenticating via
[FR] Allow authenticating via Aug 22, 2020
session cookie
+ `csrf session cookie
+ csrf key
& csrf token
Definitely doable! the cookie should be easily added, the data part would require a little deeper of a change, but nothing more than maybe 20 min of work max |
Awesome! Do you think you can do it, or should I attempt it myself? Would rather prefer the former, but am okay with the latter:D Edit: I'm on it! |
kiprasmel
pushed a commit
to kiprasmel/gitbeaker
that referenced
this issue
Aug 23, 2020
Fixes jdalrymple#1098 These are the issues I encountered - please help: - [ ] fix TODOs - [ ] lint & fix (for me, there were a lot of unrelated changes after running lint:fix, so I didn't.) - [ ] verify this works because I couldn't test it because of jdalrymple#1105
kiprasmel
pushed a commit
to kiprasmel/gitbeaker
that referenced
this issue
Sep 30, 2020
Fixes jdalrymple#1098 These are the issues I encountered - please help: - [ ] fix TODOs - [ ] lint & fix (for me, there were a lot of unrelated changes after running lint:fix, so I didn't.) - [ ] verify this works because I couldn't test it because of jdalrymple#1105
kiprasmel
pushed a commit
to kiprasmel/gitbeaker
that referenced
this issue
Sep 30, 2020
Fixes jdalrymple#1098 These are the issues I encountered - please help: - [ ] fix TODOs - [ ] lint & fix (for me, there were a lot of unrelated changes after running lint:fix, so I didn't.) - [ ] verify this works because I couldn't test it because of jdalrymple#1105
kiprasmel
pushed a commit
to kiprasmel/gitbeaker
that referenced
this issue
Nov 12, 2020
Fixes jdalrymple#1098 These are the issues I encountered - please help: - [ ] fix TODOs - [ ] lint & fix (for me, there were a lot of unrelated changes after running lint:fix, so I didn't.) - [ ] verify this works because I couldn't test it because of jdalrymple#1105
kiprasmel
pushed a commit
to kiprasmel/gitbeaker
that referenced
this issue
Feb 5, 2021
Fixes jdalrymple#1098 These are the issues I encountered - please help: - [ ] fix TODOs - [ ] lint & fix (for me, there were a lot of unrelated changes after running lint:fix, so I didn't.) - [ ] verify this works because I couldn't test it because of jdalrymple#1105
kiprasmel
pushed a commit
to kiprasmel/gitbeaker
that referenced
this issue
Feb 5, 2021
Fixes jdalrymple#1098 These are the issues I encountered - please help: - [ ] fix TODOs - [ ] lint & fix (for me, there were a lot of unrelated changes after running lint:fix, so I didn't.) - [ ] verify this works because I couldn't test it because of jdalrymple#1105
kiprasmel
pushed a commit
to kiprasmel/gitbeaker
that referenced
this issue
Feb 5, 2021
Fixes jdalrymple#1098 These are the issues I encountered - please help: - [ ] fix TODOs - [ ] lint & fix (for me, there were a lot of unrelated changes after running lint:fix, so I didn't.) - [ ] verify this works because I couldn't test it because of jdalrymple#1105 Signed-off-by: Kipras Melnikovas <[email protected]>
toniopelo
pushed a commit
to toniopelo/gitbeaker
that referenced
this issue
Sep 15, 2021
Fixes jdalrymple#1098 These are the issues I encountered - please help: - [ ] fix TODOs - [ ] lint & fix (for me, there were a lot of unrelated changes after running lint:fix, so I didn't.) - [ ] verify this works because I couldn't test it because of jdalrymple#1105 Signed-off-by: Kipras Melnikovas <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
There's a
_gitlab_session
cookie present once you login to gitlab, who's access is restricted, but through a browser extension with some permissions (cookies, hosts & something else - I forget) you're able to get the cookie.And with it - you can authenticate. Well, almost - AFAIK the docs don't specify that, but you need to also add the
csrf-param
&csrf-token
to the request to be able to fully authenticate.Here's the request in it's simplest form, allowing you to perform authenticated actions - just as if you were authenticated with an API token (I assume, there're probably some differences):
Proposal
I'd like to be able to specify, as shown in the example above, the values of
GITLAB_SESSION_KEY
,GITLAB_SESSION_TOKEN
,GITLAB_CSRF_KEY
andGITLAB_CSRF_TOKEN
togitbeaker
, thus being able to make authenticated requests this way (instead of specifying the API key).How hard and time consuming would this be? I need to ship some stuff to the refined-gitlab extension ASAP and it'll be better to just use the basic
fetch
API without thegitbeaker
wrapper, but I'd hope to some day be able to refactor this:DThe text was updated successfully, but these errors were encountered: