[Koha-bugs] [Bug 25796] New: Allow REST API to use external OAuth2 authorization server
bugzilla-daemon at bugs.koha-community.org
Thu Jun 18 05:35:48 CEST 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25796
Bug ID: 25796
Summary: Allow REST API to use external OAuth2 authorization server
Change sponsored?: ---
Product: Koha
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: REST API
Assignee: koha-bugs at lists.koha-community.org
Reporter: dcook at prosentient.com.au

At the moment, Koha's REST API only validates tokens using the embedded
authorization server Net::OAuth2::AuthorizationServer.

It would be great if Koha were configured to use an external authorization
server (like Keycloak).

We could redirect the /token endpoint to Keycloak, or just require consumers to
query Keycloak directly for access tokens I suppose.

Then we'd set up Koha to either embed (or more sustainably fetch) Keycloak's
public key in order to verify that the access token is coming from Keycloak.

We'd then do further token validation (to make sure it's not expired, it's for
the correct audience, etc).

--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
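
The validation steps described in the report (signature check against the authorization server's public key, then expiry and audience checks), as an added example that is not part of the original message and not Koha's code. It assumes the CPAN modules Crypt::JWT and Crypt::PK::RSA; the issuer URL, audience, key id and the `mint`/`validate` helpers are hypothetical, and a throwaway key pair generated in the script stands in for the external server.

```perl
use strict;
use warnings;
use Crypt::JWT qw(encode_jwt decode_jwt);
use Crypt::PK::RSA;

# Constructed stand-in for the authorization server's signing key. In a
# deployment only the public half reaches the API, taken from the server's
# published key set and cached.
my $idp_key = Crypt::PK::RSA->new;
$idp_key->generate_key(256, 65537);    # 256 bytes = 2048-bit modulus
my $jwk = $idp_key->export_key_jwk('public', 1);    # JWK as a hash ref
$jwk->{kid} = 'demo-key-1';                         # hypothetical key id
my $jwks = { keys => [$jwk] };

my $ISSUER   = 'https://idp.example.org/realms/library';    # hypothetical
my $AUDIENCE = 'koha-rest-api';                              # hypothetical

# Plays the authorization server: signs a token, with optional claim overrides.
sub mint {
    my (%override) = @_;
    return encode_jwt(
        payload => { iss => $ISSUER, aud => $AUDIENCE, sub => 'client-42',
                     exp => time() + 300, %override },
        alg => 'RS256', key => $idp_key,
        extra_headers => { kid => 'demo-key-1' },
    );
}

# What the API would do per request. decode_jwt dies on any failed check.
sub validate {
    my ($token) = @_;
    my $claims = eval {
        decode_jwt(
            token        => $token,
            kid_keys     => $jwks,       # key selected by the token's kid header
            accepted_alg => 'RS256',     # refuse "none" and HMAC-signed tokens
            verify_exp   => 1,           # exp must be present and not passed
            leeway       => 30,          # seconds of tolerated clock skew
            verify_iss   => sub { defined $_[0] && $_[0] eq $ISSUER },
            verify_aud   => sub {        # aud may be a string or a list
                my $aud = shift;
                scalar grep { $_ eq $AUDIENCE } ref $aud ? @$aud : ($aud // ());
            },
        );
    };
    return $claims ? "accepted (sub=$claims->{sub})" : "rejected: $@";
}

print validate(mint()), "\n";                            # accepted
print validate(mint(exp => time() - 3600)), "\n";        # rejected: expired
print validate(mint(aud => 'other-service')), "\n";      # rejected: audience
```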