← Previous day | Today | Next day → | Search | Index
All times shown according to UTC.
Time | Nick | Message |
---|---|---|
06:29 | * magnuse | waves in the general direction of Marseille |
06:30 | ashimema | morning magnuse |
06:30 | magnuse | bonjour! |
06:30 | the early bird gets the worm? | |
06:32 | lds joined #koha | |
06:33 | * magnuse | wonders what people do if they have external services that need to authenticate Koha-users through the REST API, but the service should only be avaiable to some of the users, based on something like patron category or an individual setting per user |
06:34 | reiveune joined #koha | |
06:34 | reiveune | hello |
06:35 | dcook | magnuse: *covers my ears* |
06:35 | * dcook | also waves to folks in France (and other places) |
06:35 | magnuse | bonjour reiveune |
06:36 | dcook | magnuse: I suppose for a use case like that... you'd have to lookup the user first, apply whatever filtering, and then only do the auth then |
06:37 | With the Keycloak extension I did, I do a patron lookup across a few criteria, and then only attempt auth if I find a matching patron | |
06:37 | magnuse | dcook: yeah, that sounds reasonable, but how to implement that? hack the api or could it be done with a plugin? |
06:37 | dcook | Note I forbid any APIs calls to the OPAC other than "public" calls, and then I also restrict the admin REST API by IP |
06:37 | magnuse | ah keycloak, eh |
06:37 | dcook | Doesn't need to be hacked |
06:37 | But the logic would be consumer-side | |
06:37 | Or if you wanted to embed it in Koha I'd go with a plugin | |
06:38 | magnuse: Yeah I put that Keycloak extension somewhere... | |
06:39 | magnuse | could a plugin infiltrate itself into the standard api, or would it have to provide a separate endpoint/service? |
06:40 | and if different services should use the same api, how would koha know which logic to apply? | |
06:40 | dcook | Different endpoint |
06:40 | magnuse | ok, cool |
06:41 | dcook | However you like |
06:41 | Phenomenal cosmic power... itty bitty living space... | |
06:42 | The plugin is so powerful you could do anything | |
06:42 | * ashimema | wants to try and do some new OAuth grant flows |
06:42 | dcook | ashimema: Oh my... you know just what to say... |
06:42 | * dcook | is onboard for this idea |
06:42 | magnuse | yeah, was mostly wondering if there was some magic that could be done with the standard api |
06:43 | ashimema | we only support the most basic one really.. I'd like to see us to a few other flows.. |
06:43 | dcook | There is no such thing as magic O_O |
06:43 | hehe | |
06:43 | * ashimema | tries to remember the grant flow he's especially interested in. |
06:43 | dcook | magnuse: What's the use case? You can DM me if you don't want to post it here |
06:43 | ashimema | it's on the list to discuss api masquerading at hackfest... i'm kinda hoping that also lets me ask this question again and get someone to help work on it.. |
06:44 | * dcook | isn't at all trying to do 3 things at once right now |
06:44 | dcook | ashimema: Are you at the hackfest? |
06:44 | Or remoting in? | |
06:44 | ashimema | the main issue I've had is our underlying permissions system.. it's a bit of a mess to try and do this |
06:44 | dcook | ^ |
06:44 | ashimema | I'm at Hackfest 🙂 |
06:44 | dcook | :3 |
06:44 | ashimema | my whole team is here 🙂 |
06:44 | dcook | I wish that I was as well.. seems like a good year for it |
06:45 | ashimema | well.. Alexander will be soon enough.. he's the straggler but should hopefully join us in the next few days.. |
06:45 | we'll have 7! here this year | |
06:45 | dcook | Nice! |
06:45 | I hope it's a really productive time :D | |
06:45 | Is it just this week? | |
06:46 | ashimema | I'm putting together my KohaCon proposal next week.. already got permission to go loosely agreed anyway though 🙂 |
06:46 | dcook | I've got a hectic few days, but maybe I can pick up some slack towards the end of the week.. |
06:46 | ashimema | hopefully see yout here |
06:46 | dcook | I sure hope so :) |
06:46 | ashimema | yeah.. just the week.. never get enough done |
06:46 | dcook | Story of my life |
06:47 | ashimema | Hackfest is taking a slightly different format this year though :).. I have been plannning it with my team here for weeks.. when I shared our target list with Paul he turned it into a set of 'Tracks' and now we have three parallel tracks running each with a "lead" |
06:47 | dcook | Oooh that sounds good |
06:48 | ashimema | so I'm leading a track and encouraging discussions and coding to happen around it. |
06:48 | dcook | What's your track called? |
06:48 | ashimema | just up early having a coffee and working out how I'm going to do that.. lol... being on vacation last week means I'm jumping in at the deep end a little again.. |
06:49 | I'm on the 'Side' track (which I think is the 'it didn't fit anywhere else' track.. lol) | |
06:49 | one sec.. I'll dig out the sheet.. no reason not to share it | |
06:49 | https://docs.google.com/spread[…]/edit?usp=sharing | |
06:49 | those are the hackfest plans | |
06:50 | magnuse | dcook: nothing specific yet, the scenario is just different external services that need to authenticate Koha users, and "filtering" which Koha users should be allowed to authenticate |
06:51 | dcook | ashimema: Oh neat. I like the sound of a lot of these things, although I'm not sure what API Masquerading is |
06:51 | ashimema | the Topics tab is the interesting one |
06:51 | dcook | That's the one I'm on haha |
06:52 | ashimema | right now we only do client credentials grant so you create an API user and just login as that.. we have systems that want to login as the client user but 'act' as the patron or staff user |
06:52 | dcook | magnuse: So one way of doing that could be using SSO and attributes in the Identity Provider |
06:53 | ashimema | acting on behalf of a user |
06:53 | dcook | ashimema: Oh yes, I think we talked about this once.. |
06:54 | Actually if I understand... | |
06:54 | ashimema | in reality what we really sohuld have is 'code grant' flow I reckon |
06:54 | dcook | I'm not sure I follow the use case quite.. |
06:54 | ashimema | where you identify both parties anyway and the end user picks which of their permissions the client can access |
06:55 | right now we can't easily identify client vs user for api calls | |
06:56 | dcook | brb |
07:03 | And back but really should be running | |
07:03 | ummm | |
07:04 | Yeah, that use case is one I've definitely wanted to work on more as well | |
07:06 | The particular supplier who needed it isn't in the mix anymore I think | |
07:06 | ashimema | I'm heading up the road now to find the offices.. |
07:06 | catch you later chaps | |
07:07 | dcook | "where you identify both parties anyway and the end user picks which of their permissions the client can access" this seemed more common pre-OIDC of course |
07:07 | We'd want to think of something in a SSO context I think.. | |
07:07 | paulderscheid[m] | morning #koha |
07:07 | dcook | Yeah I better run |
07:07 | laterz ashimema and co | |
07:11 | matts_ joined #koha | |
07:17 | cait joined #koha | |
07:19 | cait joined #koha | |
07:43 | * magnuse | waves in the general direction of Marseille |
08:27 | thibaud_g joined #koha | |
08:55 | dolf joined #koha | |
08:58 | dolf | Hi. I upgraded from Koha 22.05 to 22.11 today (slowly catching up on all those missed releases). In Koha 22.05, I was using exactly this config for cover images: https://bywatersolutions.com/e[…]come-from-in-koha After the upgrade to 22.11, the cover images are missing. Any ideas how I could debug this or what I should check for? |
09:02 | matts_hackfest joined #koha | |
09:02 | dolf | Example: https://library.refstudycentre[…]y&weight_search=1 |
09:04 | kidclamp joined #koha | |
09:09 | ashimema | Joubu: around? |
09:31 | krimsonkharne[m] | g'day #koha |
09:36 | thibaud_g joined #koha | |
10:09 | magnuse_ joined #koha | |
10:14 | magnuse_ | did we implement 2fa for the opac yet? i thought there was an issue about that but couldn't find it |
10:19 | aude_c[m] | Can't find the bug for it either 🧐 |
11:05 | jzairo joined #koha | |
12:00 | lds joined #koha | |
12:18 | clrh joined #koha | |
12:18 | clrh | hi here |
12:23 | khall joined #koha | |
12:25 | magnuse_ | bonjour clrh |
12:29 | caroline joined #koha | |
12:31 | caroline | good morning! |
12:38 | magnuse | hiya caroline |
12:38 | is there a difference between renewsCheckout and renewCheckout in the REST API? | |
12:45 | bag joined #koha | |
12:52 | khall joined #koha | |
12:53 | clrh | hello magnuse |
13:17 | asellerate joined #koha | |
13:18 | asellerate joined #koha | |
13:28 | alex joined #koha | |
13:45 | alex joined #koha | |
13:48 | bag joined #koha | |
14:07 | bag joined #koha | |
14:16 | khall joined #koha | |
14:31 | Dyrcona joined #koha | |
14:38 | alex joined #koha | |
15:01 | reiveune left #koha | |
15:10 | khall joined #koha | |
15:33 | khall joined #koha | |
15:33 | thibaud_g joined #koha | |
16:45 | Joubu_ joined #koha | |
16:46 | tcohen_ joined #koha | |
17:48 | wise_mike[m] joined #koha | |
17:48 | StVincentMaintenance[m] joined #koha | |
17:48 | arkibus[m] joined #koha | |
17:48 | JasonGreene[m] joined #koha | |
17:48 | KakhaberRevazishvili[m] joined #koha | |
17:48 | Megu[m] joined #koha | |
17:48 | ArvindNaikwadi[m] joined #koha | |
17:48 | afr4z[m] joined #koha | |
17:48 | KodoKorkalo[m] joined #koha | |
17:48 | GeorgeWilliams[m] joined #koha | |
17:48 | LaurentDucos[m] joined #koha | |
18:09 | ArvindNaikwadi[m] joined #koha | |
18:09 | LaurentDucos[m] joined #koha | |
18:10 | StVincentMaintenance[m] joined #koha | |
19:28 | khall joined #koha | |
20:26 | khall joined #koha | |
20:39 | mtj | hi #koha, bonjour #hackfest |
21:13 | jzairo joined #koha | |
21:19 | alohabot joined #koha |
← Previous day | Today | Next day → | Search | Index