Project

General

Profile

Feature #1233

API: External Authentication

Added by Bernhard Koschicek 6 months ago. Updated 28 days ago.

Status:
Assigned
Priority:
Low
Category:
API
Target version:
Start date:
2020-05-10
Estimated time:

Description

External Authentication will be needed for projects who want a frontend without exposing all data (no public API).
For implementing an API authentication method see: Whitepaper, authentication-with-flask

To consider: webclients will request data so we can't e.g. just block IPs or similar.


Related issues

Related to Feature #1377: API: IP restrictionsClosed2020-10-03Actions

History

#1

Updated by Bernhard Koschicek 6 months ago

  • Description updated (diff)
#2

Updated by Bernhard Koschicek 6 months ago

  • Status changed from New to Assigned
#3

Updated by Bernhard Koschicek 6 months ago

  • Target version set to API
#4

Updated by Bernhard Koschicek 5 months ago

  • Description updated (diff)
#5

Updated by Bernhard Koschicek 5 months ago

  • Status changed from Assigned to Acknowledged
  • Subject changed from External Athentification to External Authentification

For the moment postponed!

#6

Updated by Alexander Watzinger 4 months ago

  • Status changed from Acknowledged to Assigned
#7

Updated by Bernhard Koschicek 4 months ago

  • Target version changed from API to Wishlist
#8

Updated by Alexander Watzinger about 1 month ago

  • Assignee deleted (Bernhard Koschicek)
  • Status changed from Assigned to Acknowledged
  • Subject changed from External Authentification to API: External Authentification
#9

Updated by Christoph Hoffmann about 1 month ago

  • Subject changed from API: External Authentification to API: External Authentication
#10

Updated by Alexander Watzinger about 1 month ago

  • Description updated (diff)
#11

Updated by Bernhard Koschicek 29 days ago

  • Assignee set to Bernhard Koschicek
#12

Updated by Alexander Watzinger 29 days ago

  • Target version changed from Wishlist to API
  • Status changed from Acknowledged to Assigned
  • Description updated (diff)

Moving this from wishlist again because we'll need it for projects who want a frontend without exposing all data.

#13

Updated by Alexander Watzinger 28 days ago

I was thinking about the authentication issue. The API is either accessible (public) or not and authentication via frontend gets tricky because requests are sent from some web client.

We will have to solve this at some point but we can deal with it for now:
  • For testing we can use the Origins project, it has a small data set (so less likely performance issues) and the API is already set public.
  • For concluded projects it shouldn't be a big issue, e.g. the demo versions MEDCON and DPP are already cleaned up data wise and open anyway (nevertheless we will ask for permission).
  • THANADOS is a case where we have a public frontend but not all data should be accessible BUT because the THANADOS frontend uses Flask we could implement an IP restriction (#1377)
#14

Updated by Bernhard Koschicek 11 days ago

Also available in: Atom PDF