[
https://issues.apache.org/jira/browse/FINERACT-726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17008354#comment-17008354
]
Michael Vorburger commented on FINERACT-726:
--------------------------------------------
More for my own future self, I'll also record here that my
FINERACT-726_Auth--GSON branch was the 3rd attempt at implementing this. At
first, I tried it via
https://github.com/apache/fineract/compare/develop...vorburger:FINERACT-726_Auth,
which fails due to FINERACT-819 during integrationTest.
> An alternative could be to simply use Content-Type:
> application/x-www-form-urlencoded and
https://github.com/apache/fineract/compare/develop...vorburger:FINERACT-726_Auth-MULTIPART_FORM_DATA
attempted this, and that worked, but it leads to a lot of the following Jersey
warnings which despite trying numerous approaches I was unable to suppress
(related to JUL logging redirection in Fineract being quite a mess; related to
comment from July 10th 2019 in FINERACT-700): _"A servlet request, to the URI
https://localhost:8443/fineract-provider/api/v1/authentication?tenantIdentifier=default,
contains form parameters in the request body but the request body has been
consumed by the servlet or a servlet filter accessing the request parameters.
Only resource methods using @FormParam will work as expected. Resource methods
consuming the request body by other means will not work as expected."_
I've therefore given up on this approach, and recommend we figure out and
finish this issue up using the approach initially described above.
> Changes to /authentication API's to pass data as part of request body
> ---------------------------------------------------------------------
>
> Key: FINERACT-726
> URL: https://issues.apache.org/jira/browse/FINERACT-726
> Project: Apache Fineract
> Issue Type: Improvement
> Affects Versions: 1.2.0
> Reporter: Vishwas Babu A J
> Assignee: Michael Vorburger
> Priority: Major
> Labels: 2019-mifos-gsoc, gsoc, p1, volunteer
> Fix For: 1.4.0
>
>
> Fineract supports authentication either using Basic auth or Oauth. The
> initial authentication is done using the endpoints described at
> [https://demo.openmf.org/api-docs/apiLive.htm#authentication_basicauth] and
> [https://demo.openmf.org/api-docs/apiLive.htm#authentication_oauth]
> Both rely on passing the username and password as URL query parameters.
> Ex, the endpoint for /authentication is
> POST :
> [https://localhost:8443/fineract-provider/api/v1/authentication?username=mifos&password=password&tenantIdentifier=default]
>
> We would want to change the same to
> POST
> [https://localhost:8443/fineract-provider/api/v1/authentication?tenantIdentifier=default]
> and pass the username and password as apart of the post body in json format.
> Ex:
> {code:java}
> {
> "username":"mifos",
> "password":"password"
> }{code}
>
> After making this change, the APIdocs and integration test cases would have
> to be updated accordingly
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
