[Koha-devel] REST API authentication for external clients
Tomas Cohen Arazi
tomascohen at gmail.com
Tue Feb 27 16:15:02 CET 2018
Hi Julian, we need to implement an OAuth2 server inside Koha, using
Mojolicious::Plugin::OAuth2::Server [1]. I've worked on an endpoint for
authenticating the API against a generic OAuth2 server (as a way to be able
to test it :-D). I will file a bug very soon for that. My idea was then to
implement the server...
OAuth2 proposes several authorization flows, and the plugin (actually the
server library) implements all of them. [2]
Hope it helps. I haven't managed to have the time to do it!
[1] https://metacpan.org/pod/Mojolicious::Plugin::OAuth2::Server
[2] https://auth0.com/docs/api-auth/which-oauth-flow-to-use
El mar., 27 feb. 2018 a las 12:04, Julian Maurice (<
julian.maurice at biblibre.com>) escribió:
> Hi all,
>
> As you may know [1], BibLibre is working on an interface between Koha
> and Coral. To achieve that, Coral uses the Koha REST API. But we are
> facing a problem that is becoming really blocking : the lack of a proper
> authentication system for the REST API.
>
> At the moment, the only way to authenticate to the API is based on
> cookies. It works well for client-side javascript inside Koha, but it's
> not really usable by external clients.
>
> Is there someone here who use this API outside of Koha ?
> If so, how do you authenticate to it ?
>
> I think we really need an authentication mechanism other than cookies,
> so people can actually start using the API.
>
> There is bug 13920 [2] that hasn't moved since 8 months. I remember that
> some people disagreed with this patchset because it is crafting a custom
> authentication system instead of using some "standard" one (I remember
> OAuth was mentioned).
> Do you know of any "standard" auth system that we can implement, or
> existing Perl libraries we can use ?
>
>
> [1]:
>
> http://lists.koha-community.org/pipermail/koha-devel/2017-January/043430.html
> [2]: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13920
>
> --
> Julian Maurice <julian.maurice at biblibre.com>
> BibLibre
> _______________________________________________
> Koha-devel mailing list
> Koha-devel at lists.koha-community.org
> http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
> website : http://www.koha-community.org/
> git : http://git.koha-community.org/
> bugs : http://bugs.koha-community.org/
>
--
Tomás Cohen Arazi
Theke Solutions (https://theke.io <http://theke.io/>)
✆ +54 9351 3513384
GPG: B2F3C15F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.koha-community.org/pipermail/koha-devel/attachments/20180227/9163854b/attachment.html>
More information about the Koha-devel
mailing list