[Koha-devel] REST API authentication for external clients

Julian Maurice julian.maurice at biblibre.com
Fri Mar 2 11:09:52 CET 2018


I think a machine-to-machine authentication is what fits better for
the Koha-Coral interface, but anything that doesn't require end-user
interaction would be good.

I guess I'll have to do some reading about OAuth :)

Thanks.

On 27/02/2018 at 23:21, David Cook wrote:
> Julian, could you say more about how you want to authenticate with Koha?
> 
> I’ve struggled in the past using OAuth2 for machine-to-machine
> authorization… although that Auth0 link that Tomas provided seems to
> suggest it is possible. Spotify uses OAuth2 for its REST API, and I had
> to do a bit of a workaround to get it working for machine-to-machine
> auth, but maybe that was an issue with their OAuth2 server or my lack of
> knowledge at the time.
> 
> I’m guessing you might want to look at
> https://auth0.com/docs/api-auth/grant/client-credentials, although it
> depends on whether you want the end user to access their account in Koha
> interactively or if you’re just looking for a way of authenticating with
> Koha on the backend I think.
> 
> I hadn’t heard of this flow before so I think I’ll have to look at it
> again when I one day have time for hobbies…
> 
> David Cook
> 
> Systems Librarian
> 
> Prosentient Systems
> 
> 72/330 Wattle St
> 
> Ultimo, NSW 2007
> 
> Australia
> 
> Office: 02 9212 0899
> 
> Direct: 02 8005 0595
> 
> *From:*koha-devel-bounces at lists.koha-community.org
> [mailto:koha-devel-bounces at lists.koha-community.org] *On Behalf Of
> *Tomas Cohen Arazi
> *Sent:* Wednesday, 28 February 2018 2:15 AM
> *To:* Julian Maurice <julian.maurice at biblibre.com>
> *Cc:* koha-devel at lists.koha-community.org
> *Subject:* Re: [Koha-devel] REST API authentication for external clients
> 
> Hi Julian, we need to implement an OAuth2 server inside Koha, using
> Mojolicious::Plugin::OAuth2::Server [1]. I've worked on an endpoint for
> authenticating the API against a generic OAuth2 server (as a way to be
> able to test it :-D). I will file a bug very soon for that. My idea was
> then to implement the server...
> 
> OAuth2 proposes several authorization flows, and the plugin (actually
> the server library) implements all of them. [2]
> 
> Hope it helps. I haven't managed to have the time to do it!
> 
> [1] https://metacpan.org/pod/Mojolicious::Plugin::OAuth2::Server
> 
> [2] https://auth0.com/docs/api-auth/which-oauth-flow-to-use
> 
> On Tue, 27 Feb 2018 at 12:04, Julian Maurice
> (<julian.maurice at biblibre.com>)
> wrote:
> 
>     Hi all,
> 
>     As you may know [1], BibLibre is working on an interface between Koha
>     and Coral. To achieve that, Coral uses the Koha REST API. But we are
>     facing a problem that is becoming really blocking: the lack of a proper
>     authentication system for the REST API.
> 
>     At the moment, the only way to authenticate to the API is based on
>     cookies. It works well for client-side JavaScript inside Koha, but it's
>     not really usable by external clients.
> 
>     Is there someone here who uses this API outside of Koha?
>     If so, how do you authenticate to it?
> 
>     I think we really need an authentication mechanism other than cookies,
>     so people can actually start using the API.
> 
>     There is bug 13920 [2] that hasn't moved in 8 months. I remember that
>     some people disagreed with this patchset because it is crafting a custom
>     authentication system instead of using some "standard" one (I remember
>     OAuth was mentioned).
>     Do you know of any "standard" auth system that we can implement, or
>     existing Perl libraries we can use?
> 
> 
>     [1]:
>     http://lists.koha-community.org/pipermail/koha-devel/2017-January/043430.html
>     [2]: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13920
> 
>     --
>     Julian Maurice <julian.maurice at biblibre.com
>     <mailto:julian.maurice at biblibre.com>>
>     BibLibre
> 
> -- 
> 
> Tomás Cohen Arazi
> 
> Theke Solutions (https://theke.io <http://theke.io/>)
> ✆+54 9351 3513384
> GPG: B2F3C15F
> 

-- 
Julian Maurice <julian.maurice at biblibre.com>
BibLibre
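
The client-credentials grant mentioned in this thread (RFC 6749, section 4.4) is the OAuth2 flow with no end-user interaction. The sketch below is an example added to this archive page, not code from Koha, Coral or anyone in the thread: it shows the backend client's token request, a toy token endpoint that authenticates the client, and the Bearer check an API would run in place of a session cookie. The client id, the secret, the one-hour lifetime and all function names are assumptions made for the illustration.

```python
import base64, hmac, secrets, time
from urllib.parse import parse_qs, quote, unquote, urlencode

# Constructed sample data: this client id and secret are made up for the example.
CLIENTS = {"coral-backend": "s3cr3t-constructed-for-example"}
TOKENS = {}  # access_token -> (client_id, expiry as epoch seconds)

def build_token_request(client_id, client_secret):
    """Client side: section 4.4.2 request, client authenticated with HTTP Basic."""
    pair = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return headers, urlencode({"grant_type": "client_credentials"})

def token_endpoint(headers, body, now=None):
    """Server side: authenticate the client, then issue a short-lived token."""
    now = time.time() if now is None else now
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    try:
        cid, _, secret = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:  # malformed base64 or non-UTF-8 credentials
        cid, secret = "", ""
    cid, secret = unquote(cid), unquote(secret)
    expected = CLIENTS.get(cid, "")
    # Same error for an unknown client and a bad secret; secret compared in constant time.
    ok = scheme == "Basic" and expected and hmac.compare_digest(secret.encode(), expected.encode())
    if not ok:
        return 401, {"error": "invalid_client"}
    if parse_qs(body).get("grant_type") != ["client_credentials"]:
        return 400, {"error": "unsupported_grant_type"}
    token = secrets.token_urlsafe(32)  # opaque random token, no refresh token issued
    TOKENS[token] = (cid, now + 3600)
    return 200, {"access_token": token, "token_type": "Bearer", "expires_in": 3600}

def api_client_for(headers, now=None):
    """Resource side: map a Bearer token to a client id, or None if unknown or expired."""
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    cid, expiry = TOKENS.get(token, (None, 0))
    return cid if scheme == "Bearer" and now < expiry else None
```

In a deployment both requests travel over TLS only, and the server stores a hash of the client secret instead of the plaintext kept in `CLIENTS` here.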

