https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41671
Bug ID: 41671
Summary: OAuth2 authorization code grant for REST API
Initiative type: ---
Sponsorship status: ---
Product: Koha
Version: Main
Hardware: All
OS: All
Status: NEW
Severity: new feature
Priority: P5 - low
Component: REST API
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
CC: [email protected]
At the moment, we only allow app-to-app access via HTTP Basic Auth or OAuth2
client credentials. This gives third-party apps access to a lot of
functionality and data across all users. This has data privacy/security
implications.
Ideally, it would be great if third-party apps could require users to integrate
with Koha using an OAuth2 authorization code grant, so that the third-party app
could get access tokens scoped to the individual user who authenticates
against Koha (and not via the third-party app).
The scopes applied to the token could be limited and the user could give
consent for those scopes.
And most of all... the third-party app would only be able to use that token for
that user. This limits what the third-party app can do and what it can see.
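
The difference described in this report, modelled as an added example (not Koha code and not part of the original report): a resource-server access decision for an app-wide client-credentials token versus a user-bound authorization-code token. The token model, scope names, client id and patron ids are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical scope names, constructed for this example (not Koha's).
ALL_SCOPES = frozenset({"patrons:read", "checkouts:read", "holds:write"})

@dataclass(frozen=True)
class Token:
    client_id: str
    grant: str                      # "client_credentials" or "authorization_code"
    scopes: frozenset
    subject: Optional[int] = None   # patron the token is bound to, if any

def issue_client_token(client_id):
    """App-to-app token: no user involved, so nothing binds it to one patron."""
    return Token(client_id, "client_credentials", ALL_SCOPES)

def issue_user_token(client_id, patron_id, requested, consented):
    """Token issued after the patron authenticates and consents.
    Only scopes that are known, requested and consented to are granted."""
    granted = ALL_SCOPES & frozenset(requested) & frozenset(consented)
    return Token(client_id, "authorization_code", granted, patron_id)

def authorize(token, required_scope, resource_owner):
    """Resource-server decision for a request touching one patron's data."""
    if required_scope not in token.scopes:
        return False
    if token.grant == "authorization_code":
        # User-bound token: usable only for the patron who consented.
        return token.subject is not None and token.subject == resource_owner
    # Client-credentials token: reaches every patron's records.
    return token.grant == "client_credentials"

def reachable_patrons(token, scope, patron_ids):
    """Patrons whose data this token can reach for a given scope."""
    return [p for p in patron_ids if authorize(token, scope, p)]

if __name__ == "__main__":
    patrons = [101, 102, 103]       # constructed patron ids
    app = issue_client_token("reading-list-app")
    user = issue_user_token("reading-list-app", 102,
                            requested={"checkouts:read", "patrons:read"},
                            consented={"checkouts:read"})
    print(reachable_patrons(app, "checkouts:read", patrons))
    print(reachable_patrons(user, "checkouts:read", patrons))
    print(reachable_patrons(user, "patrons:read", patrons))
```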