1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-12-22 19:07:54 +01:00
unleash.unleash/website/docs/reference
Gastón Fournier 70499dc1d4
feat: allow api token middleware to fetch from db (#6344)
## About the changes
When edge is configured to automatically generate tokens, it requires
the token to be present in all unleash instances.
It's behind a flag which enables us to turn it on on a case by case
scenario.

The risk of this implementation is that we'd be adding load to the
database in the middleware that evaluates tokens (which are present in
mostly all our API calls. We only query when the token is missing but
because the /client and /frontend endpoints which will be the affected
ones are high throughput, we want to be extra careful to avoid DDoSing
ourselves

## Alternatives:
One alternative would be that we merge the two endpoints into one.
Currently, Edge does the following:
If the token is not valid, it tries to create a token using a service
account token and /api/admin/create-token endpoint. Then it uses the
token generated (which is returned from the prior endpoint) to query
/api/frontend. What if we could call /api/frontend with the same service
account we use to create the token? It may sound risky but if the same
application holding the service account token with permission to create
a token, can call /api/frontend via the generated token, shouldn't it be
able to call the endpoint directly?

The purpose of the token is authentication and authorization. With the
two tokens we are authenticating the same app with 2 different
authorization scopes, but because it's the same app we are
authenticating, can't we just use one token and assume that the app has
both scopes?

If the service account already has permissions to create a token and
then use that token for further actions, allowing it to directly call
/api/frontend does not necessarily introduce new security risks. The
only risk is allowing the app to generate new tokens. Which leads to the
third alternative: should we just remove this option from edge?
2024-02-27 16:08:44 +01:00
..
api/legacy/unleash docs(1-1262): Change addons -> integrations (#4523) 2023-09-14 15:27:51 +02:00
integrations feat: datadog integration - link to valid source type names (#5608) 2023-12-12 14:37:41 +01:00
sdks Docs: Client-side feature flag querying behavior update (#5244) 2023-11-02 09:43:39 -04:00
activation-strategies.md docs: suggest to use strategy constraints instead of custom strategies (#4215) 2023-07-11 11:35:58 +02:00
api-tokens-and-client-keys.mdx docs: add deprecation notice to Admin tokens (#5909) 2024-01-18 09:58:40 +01:00
archived-toggles.md Navigation refactor (#5227) 2023-10-31 09:38:03 -05:00
banners.md docs: banners (#5173) 2023-10-27 09:16:56 -05:00
change-requests.md docs: mention that environment-level variants also suspend CRs now (#6211) 2024-02-14 10:12:39 +09:00
custom-activation-strategies.md docs: suggest to use strategy constraints instead of custom strategies (#4215) 2023-07-11 11:35:58 +02:00
dependent-features.md docs: fix go and php versions with dependent flags support (#5420) 2023-11-27 13:04:54 +01:00
environments.md docs(1-1262): Change addons -> integrations (#4523) 2023-09-14 15:27:51 +02:00
event-log.md Navigation refactor (#5227) 2023-10-31 09:38:03 -05:00
event-types.mdx Navigation refactor (#5227) 2023-10-31 09:38:03 -05:00
feature-flag-naming-patterns.mdx docs: update availability notice to say patterns were released in 5.7 (#6160) 2024-02-08 09:05:57 +09:00
feature-toggle-types.md docs(1-1262): Change addons -> integrations (#4523) 2023-09-14 15:27:51 +02:00
feature-toggle-variants.md doc: C++ client supports now feature toggle variants. (#5733) 2023-12-28 10:22:36 +01:00
feature-toggles.mdx refactor: move docs into new structure / fix links for SEO (#2416) 2022-11-22 09:05:30 +00:00
front-end-api.md feat: allow api token middleware to fetch from db (#6344) 2024-02-27 16:08:44 +01:00
impression-data.md Navigation refactor (#5227) 2023-10-31 09:38:03 -05:00
login-history.md Navigation refactor (#5227) 2023-10-31 09:38:03 -05:00
maintenance-mode.mdx docs: maintanance mode impact (#3858) 2023-05-25 08:28:05 +02:00
network-view.mdx Navigation refactor (#5227) 2023-10-31 09:38:03 -05:00
notifications.md feat: change request reject docs and step update (#4493) 2023-08-16 09:46:05 +02:00
playground.mdx Navigation refactor (#5227) 2023-10-31 09:38:03 -05:00
project-collaboration-mode.md feat: add private collaboration mode docs (#5750) 2024-01-04 10:48:02 +02:00
projects.md docs: project overview (#4176) 2023-07-07 11:50:54 +02:00
public-signup.mdx docs: custom root roles (#4451) 2023-08-10 08:21:58 +01:00
rbac.md docs: Added the new more fine-grained project permissions to the docs (#6000) 2024-01-23 14:13:03 +01:00
search-operators.md chore: add documentation to search filters/operators (#6088) 2024-01-31 13:28:15 +02:00
segments.mdx docs: document how segment conflicts are handled (#5577) 2023-12-11 11:47:23 +01:00
service-accounts.md Navigation refactor (#5227) 2023-10-31 09:38:03 -05:00
sso.md docs: azure sso guide (#3431) 2023-05-25 08:37:39 +02:00
stickiness.md Docs: update stickiness docs (#3928) 2023-06-13 11:26:12 +03:00
strategy-constraints.md chore: Update strategy-constraints.md (#5360) 2023-11-17 13:01:48 +00:00
strategy-variants.md docs: variants reassignment (#5372) 2023-11-21 10:24:35 +01:00
tags.md refactor: move docs into new structure / fix links for SEO (#2416) 2022-11-22 09:05:30 +00:00
technical-debt.md fix: misc UI/UX fixes (#6241) 2024-02-15 08:17:11 +00:00
unleash-context.md Docs: update stickiness docs (#3928) 2023-06-13 11:26:12 +03:00
whats-new-v4.md Navigation refactor (#5227) 2023-10-31 09:38:03 -05:00