pupperino Comments

I saw in an earlier message that there are a couple of IP addresses associated w/ the Cloud but I assume those are IP addresses for everybody, so if a malicious actor got a hold of the API endpoint, created a WM script, they could hit the endpoint still

20 replies

WWindmill

•Created by pupperino on 6/25/2024 in #help

Google Auth Tokens Exposed?

Suppose a dev would like to use WM App as an internal admin tool that allows for basic CRUD operations on something like User preferences. If the server/DB is externally hosted and the dev would just like to use WM as a UI App to make calls to the API endpoints exposed by the server, but don't want to allow just anybody to make the API call publicly

20 replies

WWindmill

•Created by pupperino on 6/25/2024 in #help

Google Auth Tokens Exposed?

Seems like it would be a good enhancement, especially if users are trying to integrate sensitive DB data with internal admin UI tooling offered by WM

20 replies

WWindmill

•Created by pupperino on 6/25/2024 in #help

Google Auth Tokens Exposed?

Yeah hoping to have some lightweight way to verify that whoever is pinging the server is indeed who they claim to be

20 replies

WWindmill

•Created by pupperino on 6/25/2024 in #help

Google Auth Tokens Exposed?

Yeah slightly different use-case. After OAuth flow on Windmill, is there a way to send over any form of auth token (maybe generated from Google via Windmill scripts) to the API, which will verify the user using something like google-auth-library

20 replies