Actions
Feature #1233
openAPI: External Authentication
Start date:
2020-05-10
Estimated time:
Description
External Authentication will be needed for projects who want a frontend without exposing all data (no public API).
For implementing an API authentication method see: Whitepaper, authentication-with-flask
To consider: webclients will request data so we can't e.g. just block IPs or similar.
Updated by Bernhard Koschiček-Krombholz over 4 years ago
- Description updated (diff)
Updated by Bernhard Koschiček-Krombholz over 4 years ago
- Status changed from New to Assigned
Updated by Bernhard Koschiček-Krombholz over 4 years ago
- Target version set to 208
Updated by Bernhard Koschiček-Krombholz over 4 years ago
- Description updated (diff)
Updated by Bernhard Koschiček-Krombholz over 4 years ago
- Subject changed from External Athentification to External Authentification
- Status changed from Assigned to Acknowledged
For the moment postponed!
Updated by Alexander Watzinger over 4 years ago
- Status changed from Acknowledged to Assigned
Updated by Bernhard Koschiček-Krombholz over 4 years ago
- Target version changed from 208 to Wishlist
Updated by Alexander Watzinger about 4 years ago
- Subject changed from External Authentification to API: External Authentification
- Status changed from Assigned to Acknowledged
- Assignee deleted (
Bernhard Koschiček-Krombholz)
Updated by Christoph Hoffmann about 4 years ago
- Subject changed from API: External Authentification to API: External Authentication
Updated by Bernhard Koschiček-Krombholz about 4 years ago
- Assignee set to Bernhard Koschiček-Krombholz
Updated by Alexander Watzinger about 4 years ago
- Description updated (diff)
- Status changed from Acknowledged to Assigned
- Target version changed from Wishlist to 208
Moving this from wishlist again because we'll need it for projects who want a frontend without exposing all data.
Updated by Alexander Watzinger about 4 years ago
I was thinking about the authentication issue. The API is either accessible (public) or not and authentication via frontend gets tricky because requests are sent from some web client.
We will have to solve this at some point but we can deal with it for now:- For testing we can use the Origins project, it has a small data set (so less likely performance issues) and the API is already set public.
- For concluded projects it shouldn't be a big issue, e.g. the demo versions MEDCON and DPP are already cleaned up data wise and open anyway (nevertheless we will ask for permission).
- THANADOS is a case where we have a public frontend but not all data should be accessible BUT because the THANADOS frontend uses Flask we could implement an IP restriction (#1377)
Updated by Bernhard Koschiček-Krombholz almost 4 years ago
- Related to Feature #1377: API: IP restrictions added
Updated by Alexander Watzinger about 2 years ago
- Status changed from Assigned to Acknowledged
- Assignee deleted (
Bernhard Koschiček-Krombholz) - Target version changed from 208 to Wishlist
Actions