Project

General

Profile

Actions

Feature #18937

open

[config] simplify AnonymousUserToken configuration

Added by Ward Vandewege almost 3 years ago. Updated almost 2 years ago.

Status:
New
Priority:
Low
Assigned To:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Story points:
-
Release:
Release relationship:
Auto

Description

As identified in #18887, the "secret" configured for the AnonymousUserToken is anything but, by definition.

The current configuration reference says:

      # Set AnonymousUserToken to enable anonymous user access. Populate this
      # field with a random string at least 50 characters long.
      AnonymousUserToken: "" 

If the AnonymousUserToken is left blank, certain UI elements are not shown in Workbench1 (e.g. the "Browse public projects" link, etc). In that case, Workbench1 also does not append it to the reader_tokens list with each API call (see #18936).

Since the actual secret in the AnonymousUserToken is basically meaningless, perhaps this configuration could be simplified to

      # Set AllowAnonymousUserAccess to enable anonymous user access. When enabled, data will 
      # still need to be shared with the anonymous user before it can be accessed without
      # logging in. When disabled, no data can be accessed without logging in, regardless of
      # being shared with the anonymous user.
      AllowAnonymousUserAccess: false
Instead of configuring/generating/passing/checking an "anonymous token", if AllowAnonymousUserAccess is enabled, we could
  • accept incoming requests that have no token at all
  • accept token "none" to mean no token, so clients that have logic like "ARVADOS_API_TOKEN environment variable must be set" can still be used
  • always add "anonymous user" to the set of user UUIDs when checking permissions

Related issues 2 (2 open0 closed)

Blocks Arvados - Bug #18936: [api] [controller] remove reader_token supportNew

Actions
Blocks Arvados - Feature #18970: Add support for publicly shared collections (anonymous user)New

Actions
Actions #1

Updated by Ward Vandewege almost 3 years ago

  • Description updated (diff)
Actions #2

Updated by Ward Vandewege almost 3 years ago

  • Subject changed from [config] remove need for AnonymousUserToken configuration in most cases to [config] simplify AnonymousUserToken configuration
  • Priority changed from Normal to Low
Actions #3

Updated by Ward Vandewege almost 3 years ago

  • Related to Bug #18936: [api] [controller] remove reader_token support added
Actions #4

Updated by Tom Clegg almost 3 years ago

  • Description updated (diff)
Actions #5

Updated by Tom Clegg almost 3 years ago

  • Description updated (diff)
Actions #6

Updated by Peter Amstutz almost 3 years ago

  • Target version changed from 2022-04-13 Sprint to 2022-04-27 Sprint
Actions #7

Updated by Ward Vandewege over 2 years ago

  • Related to deleted (Bug #18936: [api] [controller] remove reader_token support)
Actions #8

Updated by Ward Vandewege over 2 years ago

  • Blocks Bug #18936: [api] [controller] remove reader_token support added
Actions #9

Updated by Ward Vandewege over 2 years ago

  • Blocks Feature #18970: Add support for publicly shared collections (anonymous user) added
Actions #10

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-04-27 Sprint to 2022-05-11 sprint
Actions #11

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-05-11 sprint to 2022-05-25 sprint
Actions #12

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-05-25 sprint to 2022-06-08 sprint
Actions #13

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-06-08 sprint to 2022-06-22 Sprint
Actions #14

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-06-22 Sprint to 2022-07-06
Actions #15

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-07-06 to 2022-07-20
Actions #16

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-07-20 to 2022-08-03 Sprint
Actions #17

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-08-03 Sprint to 2022-08-17 sprint
Actions #18

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-08-17 sprint to 2022-09-14 sprint
Actions #19

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-09-14 sprint to 2022-09-28 sprint
Actions #20

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-09-28 sprint to 2022-10-12 sprint
Actions #21

Updated by Peter Amstutz over 2 years ago

  • Target version deleted (2022-10-12 sprint)
Actions #22

Updated by Lucas Di Pentima almost 2 years ago

  • Release set to 60
Actions

Also available in: Atom PDF