https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36561
--- Comment #22 from David Cook <[email protected]> ---

That said, sometimes, I think about discovery interfaces, and think it would be great to have permissions for doing things on behalf of an authenticated patron.

For instance, Patron A supplies username and password to VuFind, and VuFind does the lookup using "/api/v1/auth/password/validation", and then VuFind is authorized to do things on behalf of only that patron.

Of course, that's the point of OAuth2/SSO. VuFind should redirect to Koha, the user logs into Koha, gives consent to certain scopes, and then is redirected back to VuFind with an OAuth2 token, which can then be used for Koha API operations *as the borrower/patron*.

Regardless, we do still have systems (like my Keycloak Koha backend SSO extension) that need to do system-to-system lookups without user involvement.

--

Beyond "validate_borrowers", I could imagine a "lookup_borrower" for the ILS-DI LookupPatron type operation. You'd first use "/api/v1/auth/password/validation" and then look up "/api/v1/patrons/51" (or perhaps a third-party specific endpoint) but only get a minimal record back.

--

Anyway, for now we may as well just put them under "borrowers" with a special description... we can always move them under an "external_web_services" permission or something later.
