Loading...

XML

Word

Printable

Details

Type: Story
Resolution: Unresolved
Priority: High
Fix Version/s: Customer request
Affects Version/s: 5.0, 5.1, 5.2, 1.10.1
Component/s: Platform > REST API v2, Users and Access control
Labels:
None

Description

It should be possible to have both basic auth and session auth working at the same time on the REST API.

If a request contains basic auth, the user is authentified this way. If auth fails, the request fails.

If a request doesn't contain basic, we look for a session cookie. We check the session's validity if we find one, and the request fails if the session ain't valid.

If the requests has no basic auth header nor session cookie, we log in the anonymous user if allowed.

Attachments

Issue Links

relates to

EZP-23742 Add PlatformUI bundles to ezpublish-community composer.json

Closed

EZP-27760 Add information about not allowing both basic and session auth at the same time

Closed

EZP-27222 Add a warning comment enabling basic rest auth

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Bertrand Dunogier

Votes:: 2 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 17/Jan/14 5:39 PM

Updated:: 25/Sep/17 4:10 PM