Project

General

Profile

Actions

Feature #1233

open

API: External Authentication

Added by Bernhard Koschiček-Krombholz almost 4 years ago. Updated over 1 year ago.

Status:
Acknowledged
Priority:
Normal
Assignee:
-
Category:
API
Target version:
Start date:
2020-05-10
Estimated time:

Description

External Authentication will be needed for projects who want a frontend without exposing all data (no public API).
For implementing an API authentication method see: Whitepaper, authentication-with-flask

To consider: webclients will request data so we can't e.g. just block IPs or similar.


Related issues 1 (0 open1 closed)

Related to OpenAtlas - Feature #1377: API: IP restrictionsClosedAlexander Watzinger2020-10-03Actions
Actions #1

Updated by Bernhard Koschiček-Krombholz almost 4 years ago

  • Description updated (diff)
Actions #2

Updated by Bernhard Koschiček-Krombholz almost 4 years ago

  • Status changed from New to Assigned
Actions #3

Updated by Bernhard Koschiček-Krombholz almost 4 years ago

  • Target version set to 208
Actions #4

Updated by Bernhard Koschiček-Krombholz almost 4 years ago

  • Description updated (diff)
Actions #5

Updated by Bernhard Koschiček-Krombholz almost 4 years ago

  • Subject changed from External Athentification to External Authentification
  • Status changed from Assigned to Acknowledged

For the moment postponed!

Actions #6

Updated by Alexander Watzinger over 3 years ago

  • Status changed from Acknowledged to Assigned
Actions #7

Updated by Bernhard Koschiček-Krombholz over 3 years ago

  • Target version changed from 208 to Wishlist
Actions #8

Updated by Alexander Watzinger over 3 years ago

  • Subject changed from External Authentification to API: External Authentification
  • Status changed from Assigned to Acknowledged
  • Assignee deleted (Bernhard Koschiček-Krombholz)
Actions #9

Updated by Christoph Hoffmann over 3 years ago

  • Subject changed from API: External Authentification to API: External Authentication
Actions #10

Updated by Alexander Watzinger over 3 years ago

  • Description updated (diff)
Actions #11

Updated by Bernhard Koschiček-Krombholz over 3 years ago

  • Assignee set to Bernhard Koschiček-Krombholz
Actions #12

Updated by Alexander Watzinger over 3 years ago

  • Description updated (diff)
  • Status changed from Acknowledged to Assigned
  • Target version changed from Wishlist to 208

Moving this from wishlist again because we'll need it for projects who want a frontend without exposing all data.

Actions #13

Updated by Alexander Watzinger over 3 years ago

I was thinking about the authentication issue. The API is either accessible (public) or not and authentication via frontend gets tricky because requests are sent from some web client.

We will have to solve this at some point but we can deal with it for now:
  • For testing we can use the Origins project, it has a small data set (so less likely performance issues) and the API is already set public.
  • For concluded projects it shouldn't be a big issue, e.g. the demo versions MEDCON and DPP are already cleaned up data wise and open anyway (nevertheless we will ask for permission).
  • THANADOS is a case where we have a public frontend but not all data should be accessible BUT because the THANADOS frontend uses Flask we could implement an IP restriction (#1377)
Actions #14

Updated by Bernhard Koschiček-Krombholz over 3 years ago

Actions #15

Updated by Alexander Watzinger over 1 year ago

  • Status changed from Assigned to Acknowledged
  • Assignee deleted (Bernhard Koschiček-Krombholz)
  • Target version changed from 208 to Wishlist
Actions

Also available in: Atom PDF