phoss-smp icon indicating copy to clipboard operation
phoss-smp copied to clipboard

Published 20 hours ago verified publisher icon phax

Call Rest API with Access Token

Open sakasaka19 opened this issue 3 years ago • 5 comments

I want to call Rest API with Access Token that I made on Phoss-SMP. Can I call Rest API with Access Token ?

sakasaka19 avatar Feb 10 '22 09:02 sakasaka19

@sakasaka19 Very good input - thanks. Let me check what the implications are. In general I don't see an immediate problem.

You mean e.g. passing that via a custom HTTP header like

SMP-Token: <accessToken>

right?

Edit: this proposal is no longer valid. See below for a Bearer token approach

phax avatar Feb 10 '22 10:02 phax

I'm sorry to reply late. Yes. I want to passing that via a custom HTTP header.

I found the menu of user token management(Access Token) in GUI of SMP , So I thought that I can use access token in the place of HTTP Basic Auth(ID/Password Login). but I don't understand how to use Access Token in SMP.

sakasaka19 avatar Feb 14 '22 00:02 sakasaka19

Yes, the Access Token is foreseen in the security concept, but it can currently not be used to identify users via the API. I like this request and will see, if I can squeeze it into 5.6.0 release, but I am not 100% sure I find the time to do so

phax avatar Feb 14 '22 19:02 phax

OK. I'm looking forward to it. Thank you always.

sakasaka19 avatar Feb 15 '22 01:02 sakasaka19

Sorry, it doesn't make it in the 5.6.0 release

phax avatar Feb 22 '22 15:02 phax

The API token will be implemented like a Bearer Token. So the Authorization HTTP header with the keyword Bearer must be used as in the following example:

GET /api/anything HTTP/1.1
Host: phosssmp.example.org
Accept: application/xml
Authorization: Bearer {userToken}

phax avatar Feb 23 '23 15:02 phax

Part of SMP 6.0.7 release

phax avatar Feb 23 '23 21:02 phax