[Koha-bugs] [Bug 28787] Send a notice with the TOTP token
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Jul 6 17:53:14 CEST 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28787
--- Comment #21 from Tomás Cohen Arazi <tomascohen at gmail.com> ---
I agree with Marcel that the endpoint route doesn't feel correct. In our API we
stick to using nouns instead of verbs (more RPC-ish).
So I'd suggest
POST /api/v1/auth/otp/token_delivery
I haven't read the patches yet, but I'd like to mention that, to me, OTP should
be generated in very specific cases and so our handling in V1/Auth.pm needs to
be very careful. Somehow, we need to identify a session that is in an
intermediate state: it already identified correctly but still needs a specific
action. So not any active session should be able to request a OTP.
As I said, I haven't reviewed this completely, so take it with a grain of salt.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list