Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[All] Stop allowing all authenticated users by default #620

Closed
consideRatio opened this issue Jun 22, 2023 · 1 comment · Fixed by #625
Closed

[All] Stop allowing all authenticated users by default #620

consideRatio opened this issue Jun 22, 2023 · 1 comment · Fixed by #625
Assignees
@consideRatio
Labels
breaking new

Comments

@consideRatio
Copy link
Member

consideRatio commented Jun 22, 2023
edited
Loading

Our authenticators default to allowing all authenticated users if no set of allowed users are configured.

I think this default should change to not allow all authenticated users in those situations. At the same time, it should be possible to allow all authenticated users.

To accomplish this, I suggest we don't allow any user unless explicitly allowed by some config, and then also introduce the allow_all config defaulting to False, allowing all users to be allowed.

Related
This was referenced Jun 22, 2023
Closed
Closed
@consideRatio consideRatio changed the title Discussion: stop allowing all authenticated users by default [All] Stop allowing all authenticated users by default Jun 22, 2023
@manics
Copy link
Member

manics commented Jun 22, 2023

#609

@consideRatio consideRatio self-assigned this Jun 26, 2023
@consideRatio consideRatio mentioned this issue Jun 26, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@consideRatio consideRatio

Labels
breaking new
Projects
None yet
Milestone
No milestone
2 participants
@manics @consideRatio