Contrib.social

Authentication plugin system for use with the Rest external storage client

Open on Drupal.org β†’
Created on 2 February 2023, about 2 years ago

Problem/Motivation

One possible source for external entities is a REST endpoint, hence the Rest external storage client embedded in the External Entities module. This plugin supports authentication via a header which can be statically specified in its configuration. However, services can be behind all kind of authentication mechanisms, quite often OAuth these days (as in #3040457: consuming external api gives authentication error β†’ ) or some variants of it, which imply getting a token which will be added to the request. Although this could be implemented in a child plugin class in custom projects, being able to deal with authentication at this level would benefit anyone declaring REST external entities.

Proposed resolution

The Entity Share module β†’ provides a generic authentication system relying on plugins. Such a mechanism could be implemented in External Entities as well.

Remaining tasks

  • Agreeing on such a mechanism for the Rest storage client. I would then start to develop such a feature.
  • Declaring the generic plugin.
  • Letting the user select an authentication plugin in the configuration of the Rest external storage client.
  • Implementing the most common authentication mechanisms: none (anonymous), basic auth, header, OAuth. Developers needing less common authentication patterns will still be able to implement a custom plugin, either by inheriting from an existing plugin or not.

User interface changes

Users will then be able to select an authentication plugin and to configure it. The existing static header configuration can remain this way, as it may not necessarily related to authentication in some cases.

API changes

  • New authentication plugin system.
  • Additional configuration in the external storage plugin.

Data model changes

Only changes in the configuration of the external storage plugin.

✨ Feature request
Status

Active

Version

2.0

Component

Code

Created by

πŸ‡«πŸ‡·France fmb PerpinyΓ , Catalonia, EU

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @fmb
  • Comment 21 days ago β†’
    πŸ‡¨πŸ‡¦Canada colan Toronto πŸ‡¨πŸ‡¦
  • Comment 20 days ago β†’
    πŸ‡«πŸ‡·France guignonv

    This feature is already partially supported by v3. V3 supports token authentication in the HTTP header as well as in the query string. However, there's no plugin system for more sophisticated ways of authentication.

    It could be a nice feature though. I would see either a plugin that would provide automatic authentication for current Drupal user (would allow SSO but it could also use some user custom account settings) or it could be achieved through an authentication event thrown for REST queries that needs authentication. It might add additional REST settings to specify what requires authentication (all or only PUT/UPDATE/POST, or some calls,...).

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024