Refactor Bearer Auth

[gevorgmansuryan]

No description provided.

[luke-]

@gevorgmansuryan Thanks, looks very good!

The current admin config is already very overloaded as we have a many options here. What do you think about splitting/rebuilding it a bit

E.g.

• Tabs for the different features

  • General (Enabled Users)
  • Authentication
  • Modules

• Maybe we can leave out the checkbox for "Bearer Auth". If no tokens have been created, it is not active.

• Maybe don't auto generate JWT Key. And leave empty for disable JWT Auth.

---

Other points:

• Adjust documentation for new auths
• Tests for different auths

[gevorgmansuryan]

@luke- Okay Will be done. What if we make jwt auth configurable and add enableJwtAuth checkbox like others?

[luke-]

@gevorgmansuryan Thanks, looks really nice.

Here some points:

Tests & Swagger Docs would also be good, especially for the tokens.

[gevorgmansuryan]

@luke- Enabled users used for JWT auth only.

[luke-]

@gevorgmansuryan

@luke- Enabled users used for JWT auth only.

This means that with Basic Auth all users are currently always enabled? I think it would be good to change this, and with authentication by Username & Password (Basic Auth & JWT), always allow the activated users or if checked all users.

• Maybe we should also add a hint that, the users are used for these auth modes.

[gevorgmansuryan]

@luke-

This means that with Basic Auth all users are currently always enabled?

Yes, it's always worked in this way

Okay Will add user check for Basic Auth too, + hint

[gevorgmansuryan]

@luke-

query param auth

Yes. It will work when bearer auth is enabled.
When bearer auth checkbox is unchecked it will uncheck too. It is not possible to check query param auth checkbox without checking bearer auth checkbox

[gevorgmansuryan]

@luke-

[luke-]

@gevorgmansuryan Can you please check the tests?

Currently only this test should fail: #114

@luke-

@gevorgmansuryan Looks very good. Thank you!