-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Access denied on API due to hardcoded authorization URL #77
Comments
The auth server can be disabled by specifying AUTH_API_KEY=none instead of using an auth server. Example of running a non-authenticating server using docker: docker run --rm -it -p 9090:9090 --env AUTH_API_KEY=none --env CORS_ORIGIN=".*" process-optimizer-api |
It should still work - I have done a test today using the master branch of api and frontend API: docker build -t process-optimizer-api --build-arg GITHUB_REF_NAME=$(git describe --always) .
docker run --rm -it -p 9090:9090 --env AUTH_API_KEY=none --env CORS_ORIGIN=".*" process-optimizer-api Frontend: npm ci
npm run bootstrap
npm run dev:app How are you starting the frontend in your example? |
ah okay I see where I'm going wrong, I am using version 1.6.3 of the frontend and that one does not send "apikey=none" in the url parameters, but I made the assumption that frontend version 1.6.3 was the "correct" version as its the last version with a version number tagged and also tagged also thanks for looking into it, much appreciated! |
I've added a pull request to fix up the docker compose file #79 |
Great! Regarding the versioning of the frontend, there currently is no tagged version of the frontend. This is a regression introduced when we refactored the repository and split up the frontend into library components and a sample app using those libraries. See BoostV/process-optimizer-frontend#323 For now you can track the tag @boostv/process-optimizer-frontend-ui and pull the frontend image based on the commit sha of that tag. |
I can't submit jobs to the API via the frontend (version 1.6.3) when I run this locally.
It appears the
openapi/specification.yml
file currently has a hardcoded authorization URL and it seems deleting the entire authentication block from the file fixes that problem.I believe the solution to this should be to make values configurable via environment variables.
I'm currently trying to figure out how to make this a configurable setting in order to run this internally, by utilizing jinja2 templating.
The text was updated successfully, but these errors were encountered: