Excerpts from Katrin Fischer's message of 2018-10-14 12:02:44 +0200:
reading your use case made me think of some open bugs we have, the first being maybe a similar use case to yours:
*BugĀ 16694* <https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694> - Limit SIP2 auth by patron attribute
Thank you for that! It's very similar, except that our use case is more complicated than I said. It turns out our library has to deal with two different services in the SIP2 code. One service is Kanopy, as I mentioned; the other is a consortium connected to Overdrive that provides ebooks and audio books. Each service has to be handled slightly differently, perhaps using a separate patron attribute for each. We need to find out which service is performing the SIP2 request by examining the client IP address. In the bug mentioned above, Marcel suggested putting the validation code in Patron.pm. But our very site-specific complications led me to think of putting the validation code into a plugin.