[MGNLREST-71] Rest authentication with API Tokens on DXCore Created: 28/Jun/16  Updated: 13/Sep/23

Status: Accepted
Project: Magnolia REST Framework
Component/s: None
Affects Version/s: 1.1.1
Fix Version/s: None

Type: Story Priority: Neutral
Reporter: Christopher Zimmermann Assignee: Unassigned
Resolution: Unresolved Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
relates to MGNLSSO-130 Stabilize temporary disabled test and... Closed
relates to MGNLSSO-96 Non-interactive SSO access to REST en... Closed
dependency
is depended upon by MGNLREST-336 Fix slow BasicAuth performance Closed
duplicate
is duplicated by MGNLREST-225 API token Closed
is duplicated by MGNLREST-261 Secure authentication needed into RES... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Date of First Response:
Epic Link: Support
Team: DeveloperX

 Description   

Currently, we are only providing Basic Authentication for accessing content (or any operation) through our REST API. For situations where restricted content will be commonly called, such as an intranet this either requires the user to enter the credentials multiple times, or for the client to store the credentials - both of which are not desirable.

Magnolia should provide a way for a client to remain authenticated, possibly through a cookie / OAUTH system.

This is on the public roadmap: https://portal.productboard.com/magnolia/1-magnolia-roadmap/c/40-authenticate-with-api-tokens

 

For additional details, please see linked: https://jira.magnolia-cms.com/browse/SUGGEST-41



 Comments   
Comment by Christopher Zimmermann [ 06/Oct/21 ]

Related Incubator Module: https://git.magnolia-cms.com/projects/INCUBATOR/repos/rest-security/browse

Comment by Mykola [ 09/Jun/23 ]

I don't know if this is a good place for this question, but I see many similar tasks were closed in favor of this one.
With this feature would it be possible to protect only selected endpoints or only selected nodes/properties in website workspace? For example pages with protected data only for loged in users? (similar to what PUR module does in freemarker approach)

Generated at Mon Feb 12 06:56:18 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.