How can I use token auth "à la Nuxeo Drive" for using the REST API ?
I would like to use the REST API in a Shibboleth protected application. Our Nuxeo instance is also configured to use Shibboleth with the same Service Provider.
How can I use the Shibboleth credentials so that I can have a token for the current user just like when using Nuxeo Drive ?
There is little documentation about TOKEN AUTH and some things are not clear :
using the drive_login.jsp request works in my brower (redirects to Shib Auth and returns the token in the javascript function drive.create_account)
but using it in an HTTP requester does not work right from the start (401 : needs HTTP AUTH).
 |
pibou Bouvret
Member (8.9K) 4 7 10 |
04/28/2016 ( History) |
If fact everything works fine, I only needed the right URL for authentification :
/nuxeo/authentication/token?applicationName=TEST&forceAnonymousLogin=true&deviceDescription=TEST&deviceId=TEST&permission=ReadWrite
Note : the (PHP) application is protected by Shibboleth (mod_shib) and uses the same Service Provider as Nuxeo so that the ajax call can be authentificated without user interaction.
Note : that makes it possible to build one page application in javascript only using the REST API … promising.
|
pibou Bouvret
Member (8.9K) 4 7 10 |
05/02/2016 ( History) |
Hello,
Does you HTTP client support / is configured for redirect? Indeed, the drive_login.jsp page is protected by the Nuxeo authentication filter which handles the redirection to the authentication page you've configured for the Nuxeo instance, in your case Shibboleth.
 |
ataillefer
Member (4.8K) 2 5 6 |
05/02/2016 ( History) |