I'm trying to simplify logging into the Hashicorp Vault UI (https://learn.hashicorp.com/vault/getting-started/ui) when using Google Chrome.
I created a simple Chrome extension that uses chrome.identity.getAuthToken, signs a JWT claim against the service account I want to use, and auth's against the vault GCP auth method to get an access token. I'd like to redirect to the Vault UI and populate the token field with the token and click the Submit button for the user automatically.
However, when I click on the Submit field automatically I receive a permission denied, because I'm not sending the X-Vault-Token header with the automated click.
If I go through the flow, populate the token field and have the user click on the token field and then click on Submit, the relevant header is added to the form submission.
It's not immediately clear to me where the X-Vault-Token header is getting added and if this is a vault or ember.js interaction, and if this can be overcome systematically. Is this possible?
Aucun commentaire:
Enregistrer un commentaire