Authentication plugin system for use with the Rest external storage client

Problem/Motivation

One possible source for external entities is a REST endpoint, hence the Rest external storage client embedded in the External Entities module. This plugin supports authentication via a header which can be statically specified in its configuration. However, services can be behind all kind of authentication mechanisms, quite often OAuth these days (as in #3040457: consuming external api gives authentication error → ) or some variants of it, which imply getting a token which will be added to the request. Although this could be implemented in a child plugin class in custom projects, being able to deal with authentication at this level would benefit anyone declaring REST external entities.

Proposed resolution

The Entity Share module → provides a generic authentication system relying on plugins. Such a mechanism could be implemented in External Entities as well.

Remaining tasks

• Agreeing on such a mechanism for the Rest storage client. I would then start to develop such a feature.
• Declaring the generic plugin.
• Letting the user select an authentication plugin in the configuration of the Rest external storage client.
• Implementing the most common authentication mechanisms: none (anonymous), basic auth, header, OAuth. Developers needing less common authentication patterns will still be able to implement a custom plugin, either by inheriting from an existing plugin or not.

User interface changes

Users will then be able to select an authentication plugin and to configure it. The existing static header configuration can remain this way, as it may not necessarily related to authentication in some cases.

API changes

• New authentication plugin system.
• Additional configuration in the external storage plugin.

Data model changes

Only changes in the configuration of the external storage plugin.