[ 
https://issues.apache.org/jira/browse/FINERACT-726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17008351#comment-17008351
 ] 

Michael Vorburger commented on FINERACT-726:
--------------------------------------------

I spent some time on this, and on 
[https://github.com/apache/fineract/compare/develop...vorburger:FINERACT-726_Auth--GSON]
 have something which implements this as described above. It "works" in so far 
as that authentication like this: {{http --json --verify no POST 
"https://localhost:8443/fineract-provider/api/v1/authentication?tenantIdentifier=default";
 username=mifos password=password}} (using 
[https://github.com/jakubroztocil/httpie]) passes, and returns what to me looks 
like the usual base64EncodedAuthenticationKey etc.

What's very puzzling is that "./gradlew integrationTest" fails for me locally 
with this change, even though the branch includes a change to make 
{{Utils.java}} send the uid/pwd in the request body instead of as URL 
parameters via RestAssured, which should be equivalent to the {{httpie}} 
example above. I've not yet been able to figure out why that is so, and would 
very much welcome help from anyone interested in this...

> Changes to /authentication API's to pass data as part of request body
> ---------------------------------------------------------------------
>
>                 Key: FINERACT-726
>                 URL: https://issues.apache.org/jira/browse/FINERACT-726
>             Project: Apache Fineract
>          Issue Type: Improvement
>    Affects Versions: 1.2.0
>            Reporter: Vishwas Babu A J
>            Assignee: Michael Vorburger
>            Priority: Major
>              Labels: 2019-mifos-gsoc, gsoc, p1, volunteer
>             Fix For: 1.4.0
>
>
> Fineract supports authentication either using Basic auth or Oauth. The 
> initial authentication is done using the endpoints described at 
> [https://demo.openmf.org/api-docs/apiLive.htm#authentication_basicauth] and 
> [https://demo.openmf.org/api-docs/apiLive.htm#authentication_oauth] 
> Both rely on passing the username and password as URL query parameters.
> Ex, the endpoint for /authentication is 
> POST  : 
> [https://localhost:8443/fineract-provider/api/v1/authentication?username=mifos&password=password&tenantIdentifier=default]
>  
> We would want to change the same to
> POST 
> [https://localhost:8443/fineract-provider/api/v1/authentication?tenantIdentifier=default]
> and pass the username and password as apart of the post body in json format.
> Ex:
> {code:java}
> {
> "username":"mifos",
> "password":"password"
> }{code}
>  
> After making this change, the APIdocs and integration test cases would have 
> to be updated accordingly 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to