Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps - Status | Demo | Docs | Install
  1. Cloudron Forum
  2. Feature Requests
  3. Scoped API tokens

Scoped API tokens

Scheduled Pinned Locked Moved Feature Requests
apitoken
1 Posts 1 Posters 729 Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • F Offline
    F Offline
    fiwand
    wrote on last edited by girish
    #1

    Access tokens currently inherit the full set of permissions from their owners. We'd love to be able to limit the routes that can be accessed by an individual token.

    Proposed solution

    Since predefined scopes are difficult to get right, we propose to instead support a path-based allowlist for a token (as a multiline plain text) in the "Create API Token" modal, where each line specifies an allowlisted route, possibly with wildcards for individual segments. Example:

    GET /api/v1/cloudron/graphs
GET /api/v1/notifications
GET /api/v1/notifications/*
GET /api/v1/apps/*/logs

    Note: The inclusion of the base path and syntax for wildcards or patterns may need some further discussion.

    Use cases

    • Custom dashboards: We created a custom dashboard in Observable where we consume the apps and cloudron/graphs routes. This dashboard cannot currently be shared with users who have a lower access privilege as it would expose an admin-level token.
    • CI/CD hardening: We are currently investigating how we can reduce the risk of privilege escalation in a CI/CD environment. An admin-level token is currently used to create and tear down staging apps, and to configure their aliases. Once Cloudron 6.4 has been released we might also assign operators this way. Restricting routes may offer some level of risk reduction should a user gain access to the token.

    Alternatives

    We might be able to set up an HTTP proxy as API middleman. The proxy would be configured with an admin-level token, but would manage an internal set of tokens with their own set of retrictions.

    1 Reply Last reply
    5

    Hello! It looks like you're interested in this conversation, but you don't have an account yet.

    Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

    With your input, this post could be even better 💗

    Register Login
    Reply
    • Reply as topic
    Log in to reply
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes

    • Login
    • Don't have an account? Register
    • Login or register to search.
    • First post
      Last post
    0
    • Categories
    • Recent
    • Tags
    • Popular
    • Bookmarks
    • Search