Skip to content

[FR] Allow user to authenticate using basic auth credentials or using app token #151

Description

@godovski

I have deployed the linkding service behind a reverse proxy integrated with Authelia. In the current application token authentication model, the base url/api path needs to be bypassed and the token is validated by the linkding service.

Thus the incoming traffic cannot be regulated (to protect against DoS etc).

It would be a network security improvement if the extension alternatively supported login by basic auth (user-password) to satisfy one-factor authentication for extension users. Since the app token is only validated in the linkding backend, the token cannot be used for border authentication.

If the user supplied credentials for single factor authentication, the backend would have to check for presence of logged-in user, e.g. REMOTE_USER header as alternative means to application token in /api handler.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions