[Koha-bugs] [Bug 20402] Implement OAuth2 authentication for REST API

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Fri Apr 20 10:08:47 CEST 2018 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

--- Comment #52 from Martin Renvoize <martin.renvoize at ptfs-europe.com> ---
Comment on attachment 74380
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74380
Bug 20402: Implement OAuth2 authentication for REST API

Review of attachment 74380:
 --> (https://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=20402&attachment=74380)
-----------------------------------------------------------------

::: Koha/REST/V1/Auth.pm
@@ +116,5 @@
> +    if (my $oauth = $c->oauth) {
> +        my $clients = C4::Context->config('api_client');
> +        $clients = [ $clients ] unless ref $clients eq 'ARRAY';
> +        my ($client) = grep { $_->{client_id} eq $oauth->{client_id} } @$clients;
> +

Actually.. I'm confused.. why do we check against the clients array for a
second time.. We've already tested against this at the 'issue a token' stage..
or is this your idea of 'revoking a client'?

--- Comment #53 from Martin Renvoize <martin.renvoize at ptfs-europe.com> ---
Comment on attachment 74380
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74380
Bug 20402: Implement OAuth2 authentication for REST API

Review of attachment 74380:
 --> (https://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=20402&attachment=74380)
-----------------------------------------------------------------

::: Koha/REST/V1/Auth.pm
@@ +116,5 @@
> +    if (my $oauth = $c->oauth) {
> +        my $clients = C4::Context->config('api_client');
> +        $clients = [ $clients ] unless ref $clients eq 'ARRAY';
> +        my ($client) = grep { $_->{client_id} eq $oauth->{client_id} } @$clients;
> +

Actually.. I'm confused.. why do we check against the clients array for a
second time.. We've already tested against this at the 'issue a token' stage..
or is this your idea of 'revoking a client'?

-- 
You are receiving this mail because:
You are watching all bug changes.

More information about the Koha-bugs mailing list