Oauth and ES tokens

Zachary_Buckholz · October 7, 2014, 9:15pm

Is there any work being done to integrating a token lookup service within
ES to see if a request is authorized?

I'd like to implement an angularjs application that is exposed to the
public internet, and at the same time has direct access to ES; with each
query being encapsulated with a token request and signed.

Thanks
Zach

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/b32c7fde-c129-47df-8e9f-a6b8978b6c3c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

karmi · October 8, 2014, 5:13am

Hi,

what you're looking for is a proxy which can communicate with an OAuth
provider, with an OAuth provider (such as "Google+ Sign-In", "Sign in with
Twitter", etc), verify the cookies, and pass requests between the browser
and Elasticsearch. (See this
diagram: Elasticsearch Platform — Find real-time answers at scale | Elastic)

There's a full-featured example of such proxy here:
Ember.js application with elasticsearch persistence and Goliath based proxy [http://www.elasticsearch.org/tutorials/2012/08/22/javascript-web-applications-and-elasticsearch.html] · GitHub, written in Ruby, using
the Goliath library. It was written for the following article on the
Elasticsearch.org blog, which you might find useful for getting an overview
of concepts and techniques (though it's using Ember.js and not Angular):

-->

For a heavy-loaded system, you should consider using Nginx as the proxy,
implementing the OAuth support via the Lua integration. See this article
for a full
example: Yak Shaving: Adding OAuth Support to Nginx via Lua - ChairNerd
(See this article for general overview of using Nginx together with
Elasticsearch: Elasticsearch Platform — Find real-time answers at scale | Elastic)

Karel

On Tuesday, October 7, 2014 11:15:34 PM UTC+2, Zachary Buckholz wrote:

Is there any work being done to integrating a token lookup service within
ES to see if a request is authorized?

I'd like to implement an angularjs application that is exposed to the
public internet, and at the same time has direct access to ES; with each
query being encapsulated with a token request and signed.

Thanks
Zach

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/f999aa2b-9b55-4d0e-8404-d6bc69edadbb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Zachary_Buckholz · October 8, 2014, 3:48pm

Thank you for the detailed response.

On Tuesday, October 7, 2014 10:13:04 PM UTC-7, Karel Minařík wrote:

Hi,

what you're looking for is a proxy which can communicate with an OAuth
provider, with an OAuth provider (such as "Google+ Sign-In", "Sign in with
Twitter", etc), verify the cookies, and pass requests between the browser
and Elasticsearch. (See this diagram:
Elasticsearch Platform — Find real-time answers at scale | Elastic
)

There's a full-featured example of such proxy here:
Ember.js application with elasticsearch persistence and Goliath based proxy [http://www.elasticsearch.org/tutorials/2012/08/22/javascript-web-applications-and-elasticsearch.html] · GitHub, written in Ruby,
using the Goliath library. It was written for the following article on the
Elasticsearch.org blog, which you might find useful for getting an overview
of concepts and techniques (though it's using Ember.js and not Angular):

-->
Elasticsearch Platform — Find real-time answers at scale | Elastic

For a heavy-loaded system, you should consider using Nginx as the proxy,
implementing the OAuth support via the Lua integration. See this article
for a full example:
Yak Shaving: Adding OAuth Support to Nginx via Lua - ChairNerd (See this
article for general overview of using Nginx together with Elasticsearch:
Elasticsearch Platform — Find real-time answers at scale | Elastic)

Karel

On Tuesday, October 7, 2014 11:15:34 PM UTC+2, Zachary Buckholz wrote:

Is there any work being done to integrating a token lookup service within
ES to see if a request is authorized?

I'd like to implement an angularjs application that is exposed to the
public internet, and at the same time has direct access to ES; with each
query being encapsulated with a token request and signed.

Thanks
Zach

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/7c54c447-1eb7-4d9a-a76e-2e9b1ca2d24b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.