On 2/3/26 15:24, Jan Høydahl wrote:
The plugin is NOT intended as a pre-shared secret auth. For that you can use
basic.
Look at the «jwk» config property, it allows you to hard code list of public
signing keys, and then avoid a full OAuth setup. Your app will just need to
sign the jwt token with a valid private key and Solr will accept it.
OK, thanks, that doesn't look any easier than basic auth.
A follow-up question: are the "predefined permissions" documented
somewhere? -- I see "security-read" and "security-edit" in TFM and
that's about all I can find.
Thanks again,
Dima
