> On Apr 9, 2020, at 11:40 AM, Dinuka Desilva <[email protected]> wrote: > > Oh. I got it. My question is how the token is passed for other endpoint like > this https://testdrive.airavata.org/api/applications/list_all/ > <https://testdrive.airavata.org/api/applications/list_all/>?
Well, currently, it's not. The token is stored in the user's Django session. If the user is logged in, then that user can can call the API endpoints (Django assigns a cookie to identify the session). We could add a token based authentication though. We would need a new custom authenticator [1] and we would need to extend the KeycloakBackend [2] to be able to authenticate a user based on an access token. [1] https://www.django-rest-framework.org/api-guide/authentication/#custom-authentication <https://www.django-rest-framework.org/api-guide/authentication/#custom-authentication> [2] https://github.com/apache/airavata-django-portal/blob/master/django_airavata/apps/auth/backends.py#L21 <https://github.com/apache/airavata-django-portal/blob/master/django_airavata/apps/auth/backends.py#L21> Then you would be able to call the Django REST API when the user's access token.
smime.p7s
Description: S/MIME cryptographic signature
