Skip to content
Snippets Groups Projects
Closed Allow basic authentication in the api
  • View options
  • Allow basic authentication in the api

  • View options
  • Closed Issue created by Hamza Remmal

    For now, the only authentication mechanism allowed for the api is the use of a single shared token. This token is obviously not distributed to people and therefore, only us have the possibility to use the api. Now that the api is getting more functionalities and we are using it to get the students' files and grades, we should allow access to it by providing an alternative authentication solution. I believe we can do this in multiple steps:

    1. Connect to the EPFL LDAP (This was already done in !279 (merged))
    2. Shared secret authentication should now become a Bearer token, to align with the HTTP protocol (https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication)
    3. Enable basic authentication for /api/v1/* endpoints. We should be very careful to not allow to create new assignments, new submissions, delete them and to not allow to upload the grades. This is part of the authorization scheme, not authentication, but I'm mentioning it here anyways.
    4. Take care of the authorization scheme.

    Linked items ... 0

  • Activity

    • All activity
    • Comments only
    • History only
    • Newest first
    • Oldest first
    Loading Loading Loading Loading Loading Loading Loading Loading Loading Loading