[Koha-devel] REST API authentication for external clients

David Cook dcook at prosentient.com.au
Tue Feb 27 23:21:36 CET 2018


Julian, could you say more about how you want to authenticate with Koha?

I’ve struggled in the past using OAuth2 for machine-to-machine authorization… although that Auth0 link that Tomas provided seems to suggest it is possible. Spotify uses OAuth2 for its REST API, and I had to do a bit of a workaround to get it working for machine-to-machine auth, but maybe that was an issue with their OAuth2 server or my lack of knowledge at the time.

I’m guessing you might want to look at https://auth0.com/docs/api-auth/grant/client-credentials, although it depends on whether you want the end user to access their account in Koha interactively or if you’re just looking for a way of authenticating with Koha on the backend, I think.

I hadn’t heard of this flow before so I think I’ll have to look at it again when I one day have time for hobbies…

 

David Cook

Systems Librarian

Prosentient Systems

72/330 Wattle St

Ultimo, NSW 2007

Australia

 

Office: 02 9212 0899

Direct: 02 8005 0595

 

From: koha-devel-bounces at lists.koha-community.org [mailto:koha-devel-bounces at lists.koha-community.org] On Behalf Of Tomas Cohen Arazi
Sent: Wednesday, 28 February 2018 2:15 AM
To: Julian Maurice <julian.maurice at biblibre.com>
Cc: koha-devel at lists.koha-community.org
Subject: Re: [Koha-devel] REST API authentication for external clients

 

Hi Julian, we need to implement an OAuth2 server inside Koha, using Mojolicious::Plugin::OAuth2::Server [1]. I've worked on an endpoint for authenticating the API against a generic OAuth2 server (as a way to be able to test it :-D). I will file a bug very soon for that. My idea was then to implement the server...

OAuth2 proposes several authorization flows, and the plugin (actually the server library) implements all of them. [2]

Hope it helps. I haven't managed to have the time to do it!

[1] https://metacpan.org/pod/Mojolicious::Plugin::OAuth2::Server

[2] https://auth0.com/docs/api-auth/which-oauth-flow-to-use

 

 

On Tue, 27 Feb 2018 at 12:04, Julian Maurice (<julian.maurice at biblibre.com>) wrote:

Hi all,

As you may know [1], BibLibre is working on an interface between Koha
and Coral. To achieve that, Coral uses the Koha REST API. But we are
facing a problem that is becoming really blocking: the lack of a proper
authentication system for the REST API.

At the moment, the only way to authenticate to the API is based on
cookies. It works well for client-side JavaScript inside Koha, but it's
not really usable by external clients.

Is there someone here who uses this API outside of Koha?
If so, how do you authenticate to it?

I think we really need an authentication mechanism other than cookies,
so people can actually start using the API.

There is bug 13920 [2] that hasn't moved in 8 months. I remember that
some people disagreed with this patchset because it is crafting a custom
authentication system instead of using some "standard" one (I remember
OAuth was mentioned).
Do you know of any "standard" auth system that we can implement, or
existing Perl libraries we can use?


[1]:
http://lists.koha-community.org/pipermail/koha-devel/2017-January/043430.html
[2]: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13920

--
Julian Maurice <julian.maurice at biblibre.com>
BibLibre

-- 

Tomás Cohen Arazi

Theke Solutions (https://theke.io)
✆ +54 9351 3513384
GPG: B2F3C15F
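
The client-credentials grant mentioned in the replies above, as an added example that is not code from Koha, from the thread participants, or from Mojolicious::Plugin::OAuth2::Server. It is written in Python so it runs stand-alone; the client id, secret, scope name and function names are constructed for illustration.

```python
import base64, hashlib, hmac, secrets, time

# Constructed client registry: client_id -> (SHA-256 hex of secret, granted scope).
CLIENTS = {"coral-sync": (hashlib.sha256(b"s3cr3t-constructed").hexdigest(), "patrons:read")}
TOKENS = {}   # access_token -> (client_id, scope, expiry in epoch seconds)
TTL = 3600    # token lifetime in seconds

def _basic_credentials(headers):
    """Return (client_id, secret) from an HTTP Basic Authorization header, or None."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        client_id, sep, secret = base64.b64decode(value, validate=True).decode().partition(":")
    except ValueError:  # bad base64 or non-UTF-8 bytes
        return None
    return (client_id, secret) if sep else None

def token_endpoint(headers, form, now=None):
    """Handle a token request with grant_type=client_credentials (RFC 6749, section 4.4)."""
    now = time.time() if now is None else now
    if form.get("grant_type") != "client_credentials":
        return 400, {"error": "unsupported_grant_type"}
    creds = _basic_credentials(headers)
    known = CLIENTS.get(creds[0]) if creds else None
    # Compare secret digests in constant time, against a dummy value for unknown clients.
    digest = hashlib.sha256(creds[1].encode()).hexdigest() if creds else ""
    if not hmac.compare_digest(digest, known[0] if known else "0" * 64) or not known:
        return 401, {"error": "invalid_client"}
    token = secrets.token_urlsafe(32)
    TOKENS[token] = (creds[0], known[1], now + TTL)
    return 200, {"access_token": token, "token_type": "Bearer",
                 "expires_in": TTL, "scope": known[1]}

def authorize(headers, required_scope, now=None):
    """Return the client_id for a valid, unexpired Bearer token with required_scope, else None."""
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    entry = TOKENS.get(token) if scheme.lower() == "bearer" else None
    if entry is None or now >= entry[2] or required_scope not in entry[1].split():
        return None
    return entry[0]
```

No browser session or cookie is involved: the external client holds its own credential, and each API call carries a short-lived, scope-limited token.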
