[UXPROD-2672] Implement "Third Party" OAuth2 Token Endpoint for D2IR (INN-Reach) - FOLIO Issue Tracker

XML

Word

Printable

Details

Type: New Feature
Status: Closed (View Workflow)
Priority: P1
Resolution: Done
Affects Version/s: None
Fix Version/s: Kiwi (R3 2021)
Component/s: None
Labels:
- consortia

Template:

UXPROD features
Epic Link:
INN-Reach Integration
Development Team:
Volaris
Calculated Total Rank:
PO Rank:
99
PO Ranking Note:
This is required before any communication can occur between the Central INN-Reach/D2IR server and FOLIO.
Rank: Chicago (MVP Sum 2020):
R4
Rank: Cornell (Full Sum 2021):
R5
Rank: Duke (Full Sum 2021):
R5
Rank: 5Colleges (Full Jul 2021):
R5
Rank: GBV (MVP Sum 2020):
R5
Rank: Grand Valley (Full Sum 2021):
R2
Rank: MO State (MVP June 2020):
R2
Rank: TAMU (MVP Jan 2021):
R5
Rank: U of AL (MVP Oct 2020):
R5

Description

Current situation or problem:
The Direct to INN-Reach (D2IR) APIs require a Bearer Auth token for authentication, and the central server must request such a token from FOLIO prior to calling any D2IR API endpoints provided by FOLIO. However D2IR integration is implemented in FOLIO, the module(s) will need to provide facility to issue Bearer Auth tokens to the central server with these requirements:

An API Key and Secret, which should be concatenated together with a ":" and then base64-encoded.

Content-type header: application/x-www-form-urlencoded

grant_type: client_credentials&scope=innreach_tp

Here is an example from the API Documentation (v2.3, pg. 8):

curl -X POST http://rd-mock.polarislibrary.com/innreach/v2/oauth2/ token -H 'Accept: application/json'
   -H 'Authorization: Basic
   ZmQ1OTdlXmItMjNkLS00ZWZiLAE0ZjUtN2Y2NJFhNDc2Njk2OjVhMjcxMjdhLUk0YmUtNG
   JhYi05MDMzLWI1MmFjMzkxOTQ3Yg=='
   -H 'Content-Type: application/x-www-form-urlencoded'
   -d 'grant_type=client_credentials&scope=innreach_tp'

Sample response:

{
"access_token": "06b42df732f628ae2c3764d86073cd76", 
"token_type": "Bearer",
"expires_in": 599
}

Tokens are valid for 600 seconds. Expired tokens result in "401 Unauthorized" response.

Note: Endpoints should be versioned (/innreach/v1, /innreach/v2, etc.)

In scope
API Endpoint to provide OAuth2 Bearer Tokens to a client based on supplied Base64-encoded key/secret pair.

Out of scope
API client for requesting OAuth2 Bearer Tokens from Central Server based on supplied Base64-encoded ket/secret pair

Questions

How are key/secret pairs generated, stored, invalidated?
How do we verify provided tokens?
How does authorization interact with FOLIO's built-in permissions?

TestRail: Results

Attachments

Issue Links

is defined by

EDGINREACH-2 Provide "Third Party" OAuth2 Token Endpoint for Central Server Authentication to FOLIO

Closed

MODINREACH-1 Store an API Key and Secret Pair for Use by Associated INN-Reach Central Servers

Closed

MODINREACH-41 Provide API to Store an API Key and Secret Pair for Use by Associated INN-Reach Central Servers

Closed

UIINREACH-4 INN-Reach General Settings: Central Server Configuration - Update Third-Party OAuth Key/Secret Pair in Settings

Closed

is required by

UXPROD-2711 Implement Required Local Requests-related Local API Endpoints for D2IR (INN-Reach) Local Servers in FOLIO

Closed

UXPROD-2761 Implement Required Local Circulation-related Local API Endpoints for D2IR (INN-Reach) Local Servers in FOLIO

Closed

UXPROD-2763 Implement Required Local API Endpoints for D2IR (INN-Reach) Local Server Status in FOLIO

Closed

(2 is required by)

Activity

People

Assignee:: Brooks Travis

Reporter:: Brooks Travis

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 21/Sep/20 5:47 PM

Updated:: 27/Oct/21 3:48 PM

Resolved:: 13/Oct/21 1:53 PM

Implement "Third Party" OAuth2 Token Endpoint for D2IR (INN-Reach)