Description
Enable the source.coop web application to upload files (including large files via multipart upload) directly through the data proxy using STS credentials obtained in the browser.
Currently, uploads go through a different path. This aligns browser uploads with the same authenticated S3 API path that CLI and SDK users follow.
Key Requirements
- Browser auth flow: The browser holds the Ory session token → exchanges it at
/.sts using the user's _default Role → obtains short-lived SigV4 credentials
- Client-side S3 calls: Use the SigV4 credentials to make S3 API calls directly from the browser to data.source.coop
- Multipart upload support:
- Chunked upload for large files (configurable part size)
- Progress tracking in the UI
- Resume/retry on part failure
- Abort on user cancellation
- CORS configuration: data.source.coop must allow cross-origin requests from source.coop origins
- UI integration: Upload interface in the product management views on source.coop
References
- ADR-004 — Next.js and Front-End Authentication section (browser auth flow)
Description
Enable the source.coop web application to upload files (including large files via multipart upload) directly through the data proxy using STS credentials obtained in the browser.
Currently, uploads go through a different path. This aligns browser uploads with the same authenticated S3 API path that CLI and SDK users follow.
Key Requirements
/.stsusing the user's_defaultRole → obtains short-lived SigV4 credentialsReferences