[Koha-bugs] [Bug 20402] Implement OAuth2 authentication for REST API
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Mar 21 17:09:32 CET 2018
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402
--- Comment #16 from Tomás Cohen Arazi <tomascohen at gmail.com> ---
(In reply to Julian Maurice from comment #15)
> (In reply to Tomás Cohen Arazi from comment #14)
> > - I think the way scopes are defined needs more thinking, also its relation
> > to permissions. The patchset adds patrons.read but I'm sure we need a spec
> > on how this are defined and documented.
> I agree. It looks like OpenAPI spec covers that
> (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.
> md#securityDefinitionsObject) but I'm not sure if we can and should use this.
>
> About relation to permissions, do you think we should have 1:1 relationship
> between scopes and permissions ?
I think our permissions granularity is not enough for that. But I would like to
see a spec to discuss about how scopes would be defined, having a catalog of
them, etc.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list