Closed serious-steve closed 3 years ago
I have created the implementation issue https://jira.duraspace.org/browse/DS-3934 to remember about the need to support the login-as feature in DSpace 7. This should address your use case, please confirm so that I can close this issue here.
This is also loosely related to https://jira.duraspace.org/browse/DS-3927 My guess is that oauth could play a role here. If DSpace acts as a OAuth provider it should be possible for an user grants access to external tools on his behalf.
Thank you Andrea for pointing me to the oauth thread! We are aware of the login-as feature. Our experience is that dspace maintainers will refuse to integrate external services if they require an administrator account, and I would do the same :smile: So, unfortunately, this does not replace the sword "submit-on-behalf-of" feature where the service user can be unprivileged and its permissions are configurable.
Basically, two things are important:
I don't know too much about oauth but judging from what I know it should be capable of covering our use case.
Closing as fixed. This feature was added in https://github.com/DSpace/DSpace/pull/2740 using the X-On-Behalf-Of
header. See also the contract docs at https://github.com/DSpace/Rest7Contract/blob/main/authentication.md#log-in-as
Hello everybody,
I am working on a project where we design and implement a service where scientists can submit records of archived data. For that purpose we integrate several DSpace-driven institutional repositories and a dedicated service account with submission permission on all collections. Our service submits records via swordv2 and "onBehalfOf" - so finally the users permissions are being applied - but we never need to ask for a users password. We where not able to find such functionality in Rest5/6 but since we have to use Rest anyways it would be great if this feature could find its way into Rest7.
Okay, I am looking forward to your feedback regards Stefan