[jira] [Commented] (FINERACT-726) Changes to /authentication API's to pass data as part of request body

Wed, 10 Jul 2019 00:39:54 -0700 


    [ 
https://issues.apache.org/jira/browse/FINERACT-726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16881799#comment-16881799
 ] 

Michael Vorburger.ch commented on FINERACT-726:
-----------------------------------------------

{quote}We would want to change the same to
{quote}
We would not only to add POST support, but also want the HTTP GET to fail. I'm 
mentioning this because I have a vague memory that JAX RS REST controllers 
permit GET even for {{@POST}} annotated methods (as {{authenticate}} currently 
is).
{quote}and pass the username and password as apart of the post body in json 
format.
{quote}
An alternative could be to simply use {{Content-Type: 
application/x-www-form-urlencoded}} and put 
{{username=mifos&password=password}} in the HTTP Body, see [RFC 7231, section 
4.3.3: POST|https://tools.ietf.org/html/rfc7231#section-4.3.3].
{quote}After making this change, the APIdocs and integration test cases would 
have to be updated accordingly
{quote}
And I suspect that this will have impacts on things such as integration tests 
in Fineract, the Mifos AngularJS front-end, and things like Android mobile apps 
which will have to be dealth with.

> Changes to /authentication API's to pass data as part of request body
> ---------------------------------------------------------------------
>
>                 Key: FINERACT-726
>                 URL: https://issues.apache.org/jira/browse/FINERACT-726
>             Project: Apache Fineract
>          Issue Type: Improvement
>    Affects Versions: 1.2.0
>            Reporter: Vishwas Babu A J
>            Priority: Major
>              Labels: 2019-mifos-gsoc, gsoc, p1, volunteer
>             Fix For: 1.4.0
>
>
> Fineract supports authentication either using Basic auth or Oauth. The 
> initial authentication is done using the endpoints described at 
> [https://demo.openmf.org/api-docs/apiLive.htm#authentication_basicauth] and 
> [https://demo.openmf.org/api-docs/apiLive.htm#authentication_oauth] 
> Both rely on passing the username and password as URL query parameters.
> Ex, the endpoint for /authentication is 
> POST  : 
> [https://localhost:8443/fineract-provider/api/v1/authentication?username=mifos&password=password&tenantIdentifier=default]
>  
> We would want to change the same to
> POST 
> [https://localhost:8443/fineract-provider/api/v1/authentication?tenantIdentifier=default]
> and pass the username and password as apart of the post body in json format.
> Ex:
> {code:java}
> {
> "username":"mifos",
> "password":"password"
> }{code}
>  
> After making this change, the APIdocs and integration test cases would have 
> to be updated accordingly 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to