Hi Julian, we need to implement an OAuth2 server inside Koha, using Mojolicious::Plugin::OAuth2::Server [1]. I've worked on an endpoint for authenticating the API against a generic OAuth2 server (as a way to be able to test it :-D). I will file a bug very soon for that. My idea was then to implement the server...
OAuth2 proposes several authorization flows, and the plugin (actually the server library) implements all of them. [2] Hope it helps. I haven't managed to have the time to do it! [1] https://metacpan.org/pod/Mojolicious::Plugin::OAuth2::Server [2] https://auth0.com/docs/api-auth/which-oauth-flow-to-use El mar., 27 feb. 2018 a las 12:04, Julian Maurice (< julian.maur...@biblibre.com>) escribió: > Hi all, > > As you may know [1], BibLibre is working on an interface between Koha > and Coral. To achieve that, Coral uses the Koha REST API. But we are > facing a problem that is becoming really blocking : the lack of a proper > authentication system for the REST API. > > At the moment, the only way to authenticate to the API is based on > cookies. It works well for client-side javascript inside Koha, but it's > not really usable by external clients. > > Is there someone here who use this API outside of Koha ? > If so, how do you authenticate to it ? > > I think we really need an authentication mechanism other than cookies, > so people can actually start using the API. > > There is bug 13920 [2] that hasn't moved since 8 months. I remember that > some people disagreed with this patchset because it is crafting a custom > authentication system instead of using some "standard" one (I remember > OAuth was mentioned). > Do you know of any "standard" auth system that we can implement, or > existing Perl libraries we can use ? > > > [1]: > > http://lists.koha-community.org/pipermail/koha-devel/2017-January/043430.html > [2]: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13920 > > -- > Julian Maurice <julian.maur...@biblibre.com> > BibLibre > _______________________________________________ > Koha-devel mailing list > Koha-devel@lists.koha-community.org > http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel > website : http://www.koha-community.org/ > git : http://git.koha-community.org/ > bugs : http://bugs.koha-community.org/ > -- Tomás Cohen Arazi Theke Solutions (https://theke.io <http://theke.io/>) ✆ +54 9351 3513384 GPG: B2F3C15F
_______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
