How to check whether user authorized or not when onChange of route event in kibana 7.8 OSS version

Jayanth_Mogadampalli · September 3, 2020, 5:06pm

Right now, I am using elastic/kibana 7.8 OSS version code
I am trying to implement authentication using Google auth by developing a plugin.
Now for protecting routes, how to listen to route changes in kibana from a plugin
for detecting route change we implemented that in following way by adding isAuth() in src/core/public/application/app_router.tsx file:

     {[...mounters]
      // legacy apps can have multiple sub-apps registered with the same route
      // which needs additional logic that is handled in the catch-all route below
      .filter(([_, mounter]) => !mounter.legacy)
      .map(([appId, mounter]) => (
        <Route
          key={mounter.appRoute}
          path={mounter.appRoute}
          render={({ match: { url } }) =>
            isAuth() ? (
              <AppContainer
                appPath={url}
                appStatus={appStatuses.get(appId) ?? AppStatus.inaccessible}
                createScopedHistory={createScopedHistory}
                {...{ appId, mounter, setAppLeaveHandler, setIsMounting }}
              />
            ) : (
              <Redirect to="/app/auth" />
            )
          }
        />
      ))}

But even when user is not logged in by checking with isAuth() it is not directing to /auth route
Can anybody help me to solve this issue or provide code for authorization of routes!

rashmi · September 4, 2020, 5:48am

cc @Larry_Gregory might know the answer - he will shed some light when he gets a chance

Thanks
Rashmi

Jayanth_Mogadampalli · September 4, 2020, 7:21am

Every route enters isAuth() function before displaying component in that route
But while routing to '/app/kibana', it is not entering isAuth() before rendering the component
Where to authorize '/app/kibana' path before rendering the component

Larry_Gregory · September 8, 2020, 10:55am

It looks like the core application service exposes an Observable of the current application id via core.application.currentAppId$. You can use this to listen for app changes, and if that happens, run your own code.

If you need to redirect, you can then use the core.application.navigateToUrl or core.application.navigateToApp to send the user to your own auth page.

I must warn you though, that enforcing authentication and authorization via client-side mechanisms is not a secure approach. A much better approach would be to implement this on both the client and server side in order to enforce access control. The scope if that work isn't something I can help you with over the discussion boards, but I can help answer any direct questions in followup posts.

Jayanth_Mogadampalli · September 8, 2020, 11:42am

We are looking to authenticate routes based on cookie, what is the best approach to do ?
In which file in kibana we can listen to on route change or do authentication onRoute change?

vvvprabhakar · September 8, 2020, 11:41am

Even i looking for something like this .
Whenever i click on any link or try to navigate to any route i want to have a check for that route , I am using OSS and i want this functionality across the app

Which place to do it ?
Its like check on reach route, before navigate to that route
Any help

vvvprabhakar · September 8, 2020, 11:45am

Or a common place across the routes, onroutechange start which used to be in previous version of kibana
i want a place where i can call a function on every route change