I am looking to be able to POST the URL, username and password to the Browser to get it to seamlessly authenticate.
I should add that what I'm looking to achieve is to pass a JWT in the password which will be validated by a custom auth provider.
However, the Browser uses React and the login form, as far as I can tell, is just initializing the JS bolt connection internally within the JS runtime.
It does appear that there is some functionality in the E2E tests that might facilitate this with Cypress, but that looks like a test-time only solution.
The following is a GET, obviously, but it illustrates what I'm trying to achieve:
Hi Rob (good to see your name come across!
This has been a super long time. Have you made progress here?
We used to sorta implement this with the Sandbox. We have a custom auth provider that validates JWTs. However, we passed the JWT into https://myserver:7473/ (which our proxy handled instead of passing that URL into Neo4j). On that page, we set the browser Local Storage objects with the credentials on that host, which were then picked up by the browser when we redirected to the browser.
PS Would love it if you could introduce yourself to the rest of the Neo4j team and community over in that forum: https://community.neo4j.com/c/general/introduce-yourself
Thanks for the response Ryan. This makes sense.
I think that if there was a url on the browser's HTTP(s) endpoint that accepted bolt URL, username, password, and a next URL, that a lot of this would be easier for customers.
This could almost accomplished with an unmanaged server extension but I'm not sure if there is an option for those extensions to respond without authentication. Do you know if there is?
In any case, I think this would go a long way to making Neo4j more accessible inside an enterprise environment.
Have also considered writing an HTTP+BOLT proxy to facilitate all of this. I guess that's what you did for the Sandbox. Before BOLT came around, we did this for the HTTP(s) endpoint and it worked pretty well, since our app could decide whether to send the request to neo4j based on the session state that it already has. BOLT makes this a bit more complicated.
It looks like Nigel Small put a PoC for this together in python:
Just responded to @d.murali in another thread, but there is a way to pass in credentials for the browser.
Take a look here:
I haven't yet tried to do this with a JWT, but I don't see why it wouldn't work. Certainly would be more secure (due to time limitation) than passing a password.
Is there any way to encrypt the password and send in the url query string.
In my requirement I would be navigating to the neo4j browser url from a reactjs application,