-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Coldfront REST API #632
base: main
Are you sure you want to change the base?
Coldfront REST API #632
Conversation
@claire-peters We now require all commits to be "Signed-off" by using |
Done! Let me know if any further changes are needed. |
@claire-peters This looks great! One question that came up while testing this was about authentication. How are you handling users authenticating to the api at your site? Do you have local user/passwords in ColdFront? We're currently using OAuth2/OpenID connect for authentication to ColdFront and it looks like some extract configuration for django-rest is necessary to get this all working together. Currently, when accessing the API there is the default django-rest login page for local user/passwords but that won't work in our case. One option we were exploring was to allow users to login to ColdFront via the web and create an API token on their user profile page. Then use that token for programmatic access to the API using django-rest token based auth. Is this something you have experimented with at all? |
@aebruno We have a custom authentication system that's built on rest_framework token authentication in our ColdFront instance. I realized after you asked that there's an import missing in this PR to enable token authentication to work properly, which isn't missing in ours for that reason - I'll address that. I think I could extend the userprofile template in the api plugin pretty easily so users can view or regenerate their key there. There's also OAuth config that's part of PR #425 which could be added here. Let me know if you want to go with one or both of those solutions and I can add them! |
Perfect, thanks!
Let's start with token based auth and we can add OAuth later in a separate PR. |
Added token-based auth features to the UI. I realize that it may be good to enable or disable said features based on whether token auth is actually enabled or not, but I thought I'd start just with the discussed additions. |
I built a read-only REST API for FASRC's ColdFront fork and we've been using it internally to query ColdFront data for about half a year. This PR contains the generalizable parts that may help to address issue #316. The views are largely configured to make the same information available to users via API that would be available to them if they were accessing the GUI. PR #425 contains additional configuration for OAuth options etc that may be of use, but I thought having ready-made queries might be useful.