https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40023 --- Comment #7 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- (In reply to David Cook from comment #6)
Currently looking at the output of /api/v1/patrons/{patron_id} and noticing it includes "overdrive_auth_token" although that's not defined in Koha::Patron::to_api_mapping(). "login_attempts" as well. "staff_notes"... I'd say those shouldn't shared with a third-party system.
--
The API is in a weird place at the moment. It's not clear what services are expected to be used only by Koha and which are meant to be used by third-parties, and I think that presents some of the issues around privacy and security...
We need to move all credentials to their own table. The API exposes our design issues. -- You are receiving this mail because: You are watching all bug changes.