
Initial Auth 2 pass for 2035 and 2108: drop clickthrough and non-cookie authorisation

Open tomcrane opened this issue 3 years ago • 1 comments

I had intended to do these separately but the PRs would have been so tortuous and conditional that it would have been hard to read.

Preview: https://preview.iiif.io/api/auth2-2035-drop-clickthrough/auth/2.0/

#2035 - remove the clickthrough pattern as an explicit profile. User interaction (a user gesture) is required regardless.

#2108 - allow for other criteria for authorisation, based on aspects of the request such as IP address. There is still a lot of work to do to improve clarity here.

This PR is on the low-hanging fruit branch, which ideally is considered first; this could then be changed to target the branch https://github.com/IIIF/api/tree/auth2.0-milestone

tomcrane avatar Mar 29 '22 15:03 tomcrane

This PR also renames:

- Access Cookie Service -> Access Service
- Login -> Interactive

- Discusses concept of user gesture being necessary if the aspect of the request that will be used to make auth decisions is a cookie
- Introduces concept of “aspect of the request”

tomcrane avatar Aug 16 '22 10:08 tomcrane

Closed as superseded by #2127

tomcrane avatar Feb 27 '23 15:02 tomcrane