<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI Symbol";
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-AU link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>Julian, could you say more about how you want to authenticate with Koha?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>I’ve struggled in the past using OAuth2 for machine-to-machine authorization… although that Auth0 link that Tomas provided seems to suggest it is possible. Spotify uses OAuth2 for its REST API, and I had to do a bit of a workaround to get it working for machine-to-machine auth, but maybe that was an issue with their OAuth2 server or my lack of knowledge at the time. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>I’m guessing you might want to look at <a href="https://auth0.com/docs/api-auth/grant/client-credentials">https://auth0.com/docs/api-auth/grant/client-credentials</a>, although it depends on whether you want the end user to access their account in Koha interactively or if you’re just looking for a way of authenticating with Koha on the backend I think.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>I hadn’t heard of this flow before so I think I’ll have to look at it again when I one day have time for hobbies…<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>David Cook<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Systems Librarian<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Prosentient Systems<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>72/330 Wattle St<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Ultimo, NSW 2007<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Australia<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Office: 02 9212 0899<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Direct: 02 8005 0595<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif'> koha-devel-bounces@lists.koha-community.org [mailto:koha-devel-bounces@lists.koha-community.org] <b>On Behalf Of </b>Tomas Cohen Arazi<br><b>Sent:</b> Wednesday, 28 February 2018 2:15 AM<br><b>To:</b> Julian Maurice <julian.maurice@biblibre.com><br><b>Cc:</b> koha-devel@lists.koha-community.org<br><b>Subject:</b> Re: [Koha-devel] REST API authentication for external clients<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>Hi Julian, we need to implement an OAuth2 server inside Koha, using Mojolicious::Plugin::OAuth2::Server [1]. I've worked on an endpoint for authenticating the API against a generic OAuth2 server (as a way to be able to test it :-D). I will file a bug very soon for that. My idea was then to implement the server...<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>OAuth2 proposes several authorization flows, and the plugin (actually the server library) implements all of them. [2]<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>Hope it helps. I haven't managed to have the time to do it!<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>[1] <a href="https://metacpan.org/pod/Mojolicious::Plugin::OAuth2::Server">https://metacpan.org/pod/Mojolicious::Plugin::OAuth2::Server</a><o:p></o:p></p></div></div><div><p class=MsoNormal>[2] <a href="https://auth0.com/docs/api-auth/which-oauth-flow-to-use">https://auth0.com/docs/api-auth/which-oauth-flow-to-use</a><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>El mar., 27 feb. 2018 a las 12:04, Julian Maurice (<<a href="mailto:julian.maurice@biblibre.com">julian.maurice@biblibre.com</a>>) escribió:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm'><p class=MsoNormal>Hi all,<br><br>As you may know [1], BibLibre is working on an interface between Koha<br>and Coral. To achieve that, Coral uses the Koha REST API. But we are<br>facing a problem that is becoming really blocking : the lack of a proper<br>authentication system for the REST API.<br><br>At the moment, the only way to authenticate to the API is based on<br>cookies. It works well for client-side javascript inside Koha, but it's<br>not really usable by external clients.<br><br>Is there someone here who use this API outside of Koha ?<br>If so, how do you authenticate to it ?<br><br>I think we really need an authentication mechanism other than cookies,<br>so people can actually start using the API.<br><br>There is bug 13920 [2] that hasn't moved since 8 months. I remember that<br>some people disagreed with this patchset because it is crafting a custom<br>authentication system instead of using some "standard" one (I remember<br>OAuth was mentioned).<br>Do you know of any "standard" auth system that we can implement, or<br>existing Perl libraries we can use ?<br><br><br>[1]:<br><a href="http://lists.koha-community.org/pipermail/koha-devel/2017-January/043430.html" target="_blank">http://lists.koha-community.org/pipermail/koha-devel/2017-January/043430.html</a><br>[2]: <a href="https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13920" target="_blank">https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13920</a><br><br>--<br>Julian Maurice <<a href="mailto:julian.maurice@biblibre.com" target="_blank">julian.maurice@biblibre.com</a>><br>BibLibre<br>_______________________________________________<br>Koha-devel mailing list<br><a href="mailto:Koha-devel@lists.koha-community.org" target="_blank">Koha-devel@lists.koha-community.org</a><br><a href="http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel" target="_blank">http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel</a><br>website : <a href="http://www.koha-community.org/" target="_blank">http://www.koha-community.org/</a><br>git : <a href="http://git.koha-community.org/" target="_blank">http://git.koha-community.org/</a><br>bugs : <a href="http://bugs.koha-community.org/" target="_blank">http://bugs.koha-community.org/</a><o:p></o:p></p></blockquote></div><p class=MsoNormal>-- <o:p></o:p></p><div><div><div><p class=MsoNormal><span style='font-size:9.5pt;font-family:"Helvetica",sans-serif;color:#757575'>Tomás Cohen Arazi<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:9.5pt;font-family:"Helvetica",sans-serif;color:#757575'>Theke Solutions (<a href="http://theke.io/">https://theke.io</a>)<br></span><span style='font-size:9.5pt;font-family:"Segoe UI Symbol",sans-serif;color:#757575'>✆</span><span style='font-size:9.5pt;font-family:"Helvetica",sans-serif;color:#757575'> +54 9351 3513384<br>GPG: B2F3C15F<o:p></o:p></span></p></div></div></div></div></body></html>