UI - Improve autologin experience when wrapped_token provided #5107

Closed
zx8 opened this issue Aug 15, 2018 · 5 comments

zx8 commented Aug 15, 2018

Is your feature request related to a problem? Please describe.

#4854 introduced the ability to auto-login via a new query parameter (wrapped_token). However, this only works the first time someone follows the link. Once they are logged in, it won't work if they follow another link with a different wrapped_token.

Describe the solution you'd like
It would be great to either have the UI:

  • Automatically ensure the visitor is first logged out if the wrapped_token parameter is present.
  • Be able to provide a second query parameter to ensure the user is logged out.

My use-case is sharing of ephemeral secrets over insecure channels (e.g. sending credentials over Slack). The token linked to these credentials has a limited number of uses and a TTL of a few minutes, so is quickly destroyed.

Contributor

meirish commented Aug 16, 2018

Logout is implemented as its own route in the application, so not the most elegant, but you could point them at the logout url with the query parameter. This would log out the current session, but the query param is bound at a higher level in the route hierarchy and only consumed on the auth route, so it stays in the url as the app gets redirected to auth, and then the normal lookup / fill / submit works as if you'd just input it at the root URL.

I tested this locally and it works, this was the URL:
http://localhost:4200/ui/vault/logout?wrapped_token=3f40d8b7-c102-b578-bb61-470daae0d50b
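
An added example, not part of the thread or the Vault project's code: a sender-side helper that turns a response-wrapped reply into the logout-route link described in the comment above and refuses tokens whose TTL exceeds a cap. The function name, the `MAX_TTL_SECONDS` ceiling and the sample response are assumptions; the sample reuses the token from the URL quoted above.

```python
import json
from urllib.parse import urlencode, urlsplit, urlunsplit

# Assumed ceiling for links shared over chat; not a Vault default.
MAX_TTL_SECONDS = 600

# Constructed sample of a response-wrapped reply (only wrap_info is read);
# the token value is the one in the URL quoted in the thread.
SAMPLE_RESPONSE = json.dumps({
    "wrap_info": {
        "token": "3f40d8b7-c102-b578-bb61-470daae0d50b",
        "ttl": 300,
        "creation_path": "secret/example",
    }
})


def build_share_link(vault_addr, wrapped_response, max_ttl=MAX_TTL_SECONDS):
    """Return (url, ttl) for a UI link that ends any existing session first."""
    info = json.loads(wrapped_response).get("wrap_info") or {}
    token, ttl = info.get("token"), info.get("ttl")
    if not token:
        raise ValueError("response carries no wrap_info.token")
    # Reject long-lived wrapping tokens before they end up in a chat log.
    if not isinstance(ttl, int) or not 0 < ttl <= max_ttl:
        raise ValueError(f"wrapping TTL {ttl!r} outside 1..{max_ttl} seconds")
    parts = urlsplit(vault_addr)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("vault_addr must be an http(s) URL")
    # The logout route drops the current session; wrapped_token stays in the
    # query string and is consumed once the app redirects to the auth route.
    path = parts.path.rstrip("/") + "/ui/vault/logout"
    query = urlencode({"wrapped_token": token})
    return urlunsplit((parts.scheme, parts.netloc, path, query, "")), ttl


if __name__ == "__main__":
    link, ttl = build_share_link("http://localhost:4200", SAMPLE_RESPONSE)
    print(f"valid for {ttl}s: {link}")
```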

Author

zx8 commented Aug 17, 2018

Thanks, I'll give this a go. It's more or less good enough for what I'm trying to achieve.

It would be great to be able to link directly to a specific secret so the person I'm sharing the secret with doesn't have to click through the UI and in doing so decrease the token's remaining number of uses, but I'm happy enough with this as a solution so I'll go ahead and close this.

zx8 closed this as completed Aug 17, 2018
Author

zx8 commented Jul 5, 2019

@meirish Almost a year on, just wanted to check back in to confirm whether #5107 (comment) is still the recommended solution to this?

Contributor

meirish commented Jul 5, 2019

@zx8 It is, yes - we're planning on adding a way to unwrap secrets when you're unauthenticated but don't have a timeline for that yet. I also opened #7068 to track the redirect issue - sorry that slipped through!

Author

zx8 commented Jul 5, 2019

@meirish That's great news! Thanks for the update.
