[Koha-bugs] [Bug 25796] Allow REST API to use external OAuth2 authorization server

bugzilla-daemon at bugs.koha-community.org
Thu Jul 28 06:47:13 CEST 2022


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25796

--- Comment #2 from David Cook <dcook at prosentient.com.au> ---
Here's another thought:

If Koha and other applications used Keycloak for SSO, the id_token and refresh
token could be saved, and used beyond the initial login.

For instance, a user logs into MyApp, which redirects them to Keycloak and back
to MyApp. They click "Place a Hold" on an item in MyApp, which then sends an
API request with id_token to Koha. 

Koha takes the id_token and validates it against Keycloak. If it's valid, API
request proceeds. If it's invalid, it spits out a 401. 

MyApp could verify the id_token ahead of time or re-try after using the refresh
token to get a new id_token. That's irrelevant right now.

--

The only difficulty I have in mind at the moment is... how does Koha know which
IdP to query with the id_token? It's easy if your Koha is only set up with one
IdP. With more than one, it would be more complicated...
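
One way to handle the multi-IdP question raised above, as an added example that is not part of the original comment or Koha's code: read the unverified `iss` claim only to look up an exact-match allowlist of configured IdPs, then verify the token with that IdP's key alone. Assumptions: the issuer URLs, secrets, `koha-api` audience and function names are constructed, and HS256 with a shared secret stands in for Keycloak's JWKS-based signature verification so the block runs on the Python standard library.

```python
import base64, hashlib, hmac, json, time

# Constructed configuration (hypothetical values): issuer URL -> verification settings.
TRUSTED_IDPS = {
    "https://sso-a.example/realms/library": {"secret": b"key-a", "aud": "koha-api"},
    "https://sso-b.example/realms/campus": {"secret": b"key-b", "aud": "koha-api"},
}

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, secret):
    """Build a constructed HS256 token for the demo (stand-in for an IdP)."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def authenticate(token, now=None):
    """Return (http_status, subject); every failure path yields (401, None)."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))  # still unverified here
        idp = TRUSTED_IDPS[claims["iss"]]             # exact match; unknown issuer -> KeyError
        if header.get("alg") != "HS256":              # the server pins the algorithm, not the token
            return 401, None
        signed = f"{head_b64}.{body_b64}".encode()
        expected = hmac.new(idp["secret"], signed, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return 401, None                          # not signed by the IdP it names
        aud = claims.get("aud")
        if idp["aud"] not in (aud if isinstance(aud, list) else [aud]):
            return 401, None                          # token was issued for another client
        if float(claims["exp"]) <= now:
            return 401, None                          # expired
        return 200, claims["sub"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return 401, None                              # malformed token or missing claim
```

The `iss` value is used only as a lookup key into local configuration; no key material or endpoint is ever fetched from a URL the token supplies.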
