
Allow both basic and session auth at the same time

    Details

      Description

      It should be possible to have both basic auth and session auth working at the same time on the REST API.

      If a request contains basic auth, the user is authenticated this way. If auth fails, the request fails.

      If a request doesn't contain basic, we look for a session cookie. We check the session's validity if we find one, and the request fails if the session ain't valid.

      If the request has no basic auth header nor session cookie, we log in the anonymous user if allowed.
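
The precedence described above, written out as an added example (not code from eZ Publish or from the reporter). It is framework-independent; the function name, the cookie name and the in-memory user and session stores are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const SESSION_COOKIE = 'SESSIONID'; // assumed cookie name, not taken from the issue

/**
 * Hypothetical resolver: returns the login, 'anonymous', or null when the request must fail.
 * $users maps login => password_hash() output; $sessions maps id => [user, expires].
 * Assumes the caller has normalised header names to the casing used here.
 */
function resolveUser(array $headers, array $cookies, array $users,
                     array $sessions, bool $allowAnonymous, int $now): ?string
{
    // 1. Basic auth present: it alone decides. Failure never falls through.
    $auth = $headers['Authorization'] ?? '';
    if (stripos($auth, 'Basic ') === 0) {
        $decoded = base64_decode(substr($auth, 6), true);
        if ($decoded === false || strpos($decoded, ':') === false) {
            return null; // malformed credentials
        }
        [$login, $password] = explode(':', $decoded, 2);
        $hash = $users[$login] ?? null;
        // A valid session cookie on the same request must not rescue bad credentials.
        return ($hash !== null && password_verify($password, $hash)) ? $login : null;
    }

    // 2. No basic auth: a session cookie, if sent, must be valid.
    if (isset($cookies[SESSION_COOKIE])) {
        $session = $sessions[$cookies[SESSION_COOKIE]] ?? null;
        // An unknown or expired session fails; it is not downgraded to anonymous.
        return ($session !== null && $session['expires'] > $now) ? $session['user'] : null;
    }

    // 3. Neither was sent: anonymous only if allowed.
    return $allowAnonymous ? 'anonymous' : null;
}

// Constructed sample data for the demonstration.
$users    = ['editor' => password_hash('s3cret', PASSWORD_DEFAULT)];
$sessions = ['abc123' => ['user' => 'editor', 'expires' => 2000]];
$basic    = fn(string $pw) => ['Authorization' => 'Basic ' . base64_encode("editor:$pw")];
$cookie   = [SESSION_COOKIE => 'abc123'];

var_dump(resolveUser($basic('s3cret'), [], $users, $sessions, true, 1000));      // valid basic auth
var_dump(resolveUser($basic('wrong'), $cookie, $users, $sessions, true, 1000)); // bad basic auth plus a live session
var_dump(resolveUser([], $cookie, $users, $sessions, true, 3000));              // session past its expiry
var_dump(resolveUser([], [], $users, $sessions, true, 1000));                   // no credentials at all
```

The second and third calls are the cases that matter for the REST API: a request that presents a credential and fails it is rejected, even though a weaker path (session or anonymous) would have let it through.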


          Activity

          Bertrand Dunogier created issue -
          Gaetano Giunta (Inactive) added a comment -

          And don't forget oauth (and maybe saml).

          Either that, or allow the rest API to be registered under many different prefixes using different auth schemes for each (it is possible to do that in general in Symfony, but far from easy - at least I managed to get it working on a project).

          NB: this will be a blocker as soon as we deliver the new Editing Interface based on REST-API, as everyone will need to have session-based auth for the rest api, and 50% of users will want basic auth / oauth as well for other clients

          Damien Pobel (Inactive) made changes -
          Field Original Value New Value
          Link This issue relates to EZP-23742 [ EZP-23742 ]
          André Rømcke made changes -
          Workflow eZ Engineering Scrumban Workflow [ 61250 ] EZ* Development Workflow [ 69325 ]
          Damien Pobel (Inactive) made changes -
          Link This issue relates to EZP-27222 [ EZP-27222 ]
          Jacek Foremski (Inactive) made changes -
          Affects Version/s 1.10.1 [ 14808 ]
          Jacek Foremski (Inactive) made changes -
          Fix Version/s Customer request [ 11018 ]
          Jacek Foremski (Inactive) made changes -
          Link This issue relates to CS-6309 [ CS-6309 ]
          Jacek Foremski (Inactive) made changes -
          Link This issue relates to EZP-27760 [ EZP-27760 ]
          Alex Schuster made changes -
          Workflow EZ* Development Workflow [ 69325 ] EZEE Development Workflow [ 107426 ]
          Alex Schuster made changes -
          Workflow EZEE Development Workflow [ 107426 ] EZEE and EZP Story Workflow [ 127061 ]
          Status Open [ 1 ] Backlog [ 10000 ]
          Transition Time In Source Status Execution Times Last Executer Last Execution Date
          Open Open Backlog Backlog
          1346d 21h 31m 1 Alex Schuster 25/Sep/17 4:10 PM

            People

            • Assignee:
              Unassigned
              Reporter:
              Bertrand Dunogier
            • Votes:
              2
              Watchers:
              4
