OAuth and ES tokens

Is there any work being done to integrate a token lookup service within
ES to see if a request is authorized?

I'd like to implement an AngularJS application that is exposed to the
public internet, and at the same time has direct access to ES; with each
query being encapsulated with a token request and signed.

Thanks
Zach

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/b32c7fde-c129-47df-8e9f-a6b8978b6c3c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Hi,

what you're looking for is a proxy which can communicate with an OAuth
provider (such as "Google+ Sign-In", "Sign in with
Twitter", etc), verify the cookies, and pass requests between the browser
and Elasticsearch. (See this
diagram: http://www.elasticsearch.org/content/themes/elasticsearch-org/images/content/elasticsearch-and-ember-js/notes-app-architecture.png)

There's a full-featured example of such a proxy here:
https://gist.github.com/karmi/3369662#file-proxy-rb, written in Ruby, using
the Goliath library. It was written for the following article on the
Elasticsearch.org blog, which you might find useful for getting an overview
of concepts and techniques (though it's using Ember.js and not Angular):

-->
http://www.elasticsearch.org/tutorials/javascript-web-applications-and-elasticsearch/

For a heavily loaded system, you should consider using Nginx as the proxy,
implementing the OAuth support via the Lua integration. See this article
for a full
example: http://chairnerd.seatgeek.com/oauth-support-for-nginx-with-lua/
(See this article for a general overview of using Nginx together with
Elasticsearch: http://www.elasticsearch.org/blog/playing-http-tricks-nginx/)

Karel
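
The gate such a proxy applies before passing a request to Elasticsearch, as an added example that is not part of the original thread or of the linked gist. The token layout, the secret, the index name `notes` and the allow-list are assumptions made for illustration.

```ruby
require 'openssl'
require 'json'

# Assumptions (not from the thread): token layout, secret and allow-list are hypothetical.
SECRET = 'demo-only-secret' # constructed; keep the real one in server-side config
ALLOWED = [                 # method + exact path (query string already stripped)
  ['GET',  %r{\A/notes/_search\z}],
  ['POST', %r{\A/notes/_search\z}]
].freeze

# Issued by the proxy once the OAuth provider has confirmed who the user is.
def issue_token(user, expires_at, secret = SECRET)
  payload = [JSON.generate({ 'sub' => user, 'exp' => expires_at.to_i })].pack('m0')
  "#{payload}.#{OpenSSL::HMAC.hexdigest('SHA256', secret, payload)}"
end

# Constant-time comparison, so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the user name for an authentic, unexpired token, otherwise nil.
def verify_token(token, now, secret = SECRET)
  payload, mac = token.to_s.split('.', 2)
  return nil if payload.nil? || mac.nil?
  expected = OpenSSL::HMAC.hexdigest('SHA256', secret, payload)
  return nil unless secure_equal?(expected, mac)
  claims = JSON.parse(payload.unpack1('m0'))
  claims['exp'].to_i > now.to_i ? claims['sub'] : nil
rescue ArgumentError, JSON::ParserError
  nil
end

# Proxy decision as [HTTP status, detail]; only a 200 is forwarded to Elasticsearch.
def gate(method, path, token, now = Time.now)
  user = verify_token(token, now)
  return [401, 'missing or invalid token'] unless user
  allowed = ALLOWED.any? { |verb, pattern| verb == method && pattern.match?(path) }
  allowed ? [200, user] : [403, 'endpoint not allowed']
end
```

The signing secret stays on the proxy, so the browser application can present a token but cannot mint one, and write or admin endpoints are refused even for authenticated users.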

On Tuesday, October 7, 2014 11:15:34 PM UTC+2, Zachary Buckholz wrote:

Is there any work being done to integrate a token lookup service within
ES to see if a request is authorized?

I'd like to implement an AngularJS application that is exposed to the
public internet, and at the same time has direct access to ES; with each
query being encapsulated with a token request and signed.

Thanks
Zach


Thank you for the detailed response.

On Tuesday, October 7, 2014 10:13:04 PM UTC-7, Karel Minařík wrote:

Hi,

what you're looking for is a proxy which can communicate with an OAuth
provider (such as "Google+ Sign-In", "Sign in with
Twitter", etc), verify the cookies, and pass requests between the browser
and Elasticsearch. (See this diagram:
http://www.elasticsearch.org/content/themes/elasticsearch-org/images/content/elasticsearch-and-ember-js/notes-app-architecture.png)

There's a full-featured example of such a proxy here:
https://gist.github.com/karmi/3369662#file-proxy-rb, written in Ruby,
using the Goliath library. It was written for the following article on the
Elasticsearch.org blog, which you might find useful for getting an overview
of concepts and techniques (though it's using Ember.js and not Angular):

-->
http://www.elasticsearch.org/tutorials/javascript-web-applications-and-elasticsearch/

For a heavily loaded system, you should consider using Nginx as the proxy,
implementing the OAuth support via the Lua integration. See this article
for a full example:
http://chairnerd.seatgeek.com/oauth-support-for-nginx-with-lua/ (See this
article for a general overview of using Nginx together with Elasticsearch:
http://www.elasticsearch.org/blog/playing-http-tricks-nginx/)

Karel
