https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41671
--- Comment #1 from David Cook ---

At least initially, this grant would probably only be applicable to the /public API endpoints, which would also make it much easier to implement. They wouldn't need any staff permissions, because all this API user would be doing are actions that a public user can do.

--

The only time that the HTTP Basic Auth or OAuth2 client credentials grant makes sense is when the resources being accessed don't include users, or when the other system using the APIs is fully trusted. But a lot of third-party apps aren't fully trusted, so we do need a more secure way of providing API access while keeping it scoped to a user who has explicitly authenticated at the very least.
