Julian, could you say more about how you want to authenticate with Koha?
I’ve struggled in the past using OAuth2 for machine-to-machine authorization… although that Auth0 link that Tomas provided seems to suggest it is possible. Spotify uses OAuth2 for its REST API, and I had to do a bit of a workaround to get it working for machine-to-machine auth, but maybe that was an issue with their OAuth2 server or my lack of knowledge at the time. I’m guessing you might want to look at https://auth0.com/docs/api-auth/grant/client-credentials, although it depends on whether you want the end user to access their account in Koha interactively or if you’re just looking for a way of authenticating with Koha on the backend I think. I hadn’t heard of this flow before so I think I’ll have to look at it again when I one day have time for hobbies… David Cook Systems Librarian Prosentient Systems 72/330 Wattle St Ultimo, NSW 2007 Australia Office: 02 9212 0899 Direct: 02 8005 0595 From: koha-devel-boun...@lists.koha-community.org [mailto:koha-devel-boun...@lists.koha-community.org] On Behalf Of Tomas Cohen Arazi Sent: Wednesday, 28 February 2018 2:15 AM To: Julian Maurice <julian.maur...@biblibre.com> Cc: koha-devel@lists.koha-community.org Subject: Re: [Koha-devel] REST API authentication for external clients Hi Julian, we need to implement an OAuth2 server inside Koha, using Mojolicious::Plugin::OAuth2::Server [1]. I've worked on an endpoint for authenticating the API against a generic OAuth2 server (as a way to be able to test it :-D). I will file a bug very soon for that. My idea was then to implement the server... OAuth2 proposes several authorization flows, and the plugin (actually the server library) implements all of them. [2] Hope it helps. I haven't managed to have the time to do it! [1] https://metacpan.org/pod/Mojolicious::Plugin::OAuth2::Server [2] https://auth0.com/docs/api-auth/which-oauth-flow-to-use El mar., 27 feb. 2018 a las 12:04, Julian Maurice (<julian.maur...@biblibre.com <mailto:julian.maur...@biblibre.com> >) escribió: Hi all, As you may know [1], BibLibre is working on an interface between Koha and Coral. To achieve that, Coral uses the Koha REST API. But we are facing a problem that is becoming really blocking : the lack of a proper authentication system for the REST API. At the moment, the only way to authenticate to the API is based on cookies. It works well for client-side javascript inside Koha, but it's not really usable by external clients. Is there someone here who use this API outside of Koha ? If so, how do you authenticate to it ? I think we really need an authentication mechanism other than cookies, so people can actually start using the API. There is bug 13920 [2] that hasn't moved since 8 months. I remember that some people disagreed with this patchset because it is crafting a custom authentication system instead of using some "standard" one (I remember OAuth was mentioned). Do you know of any "standard" auth system that we can implement, or existing Perl libraries we can use ? [1]: http://lists.koha-community.org/pipermail/koha-devel/2017-January/043430.html [2]: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13920 -- Julian Maurice <julian.maur...@biblibre.com <mailto:julian.maur...@biblibre.com> > BibLibre _______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org <mailto:Koha-devel@lists.koha-community.org> http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/ -- Tomás Cohen Arazi Theke Solutions (https://theke.io <http://theke.io/> ) ✆ +54 9351 3513384 GPG: B2F3C15F
_______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
