KorAP / Kalamar

:octopus: Mojolicious-based Frontend for KorAP
BSD 2-Clause "Simplified" License

Client-Id instead of application name in log-in notice #180

Closed hebasta closed 1 year ago

hebasta commented 1 year ago

An authorization request with a registered client results in a request to the user to log in, but here the client-id falsely appears instead of the name of the client application. For instance: https://korap.ids-mannheim.de/instance/test/settings/oauth/authorize?client_id=xxxyyy&scope=search,match -> Notice: "xxxyyy möchte Zugriffsrechte. Bitte melden Sie sich an"

Akron commented 1 year ago

This is probably not a Kalamar bug but a limitation of Kustvakt. Both Client-List and Client-Info require a user auth token (in addition to super client credentials for the list). So there is no way to fetch client information for logged-out users. Can we allow both without, @margaretha?

Akron commented 1 year ago

I would leave it as implemented for now.

hebasta commented 1 year ago

Would it be an idea to change the message to: "Client with the client-id xy möchte Zugriffsrechte. Bitte melden Sie sich an."? That would probably be less confusing.

Akron commented 1 year ago

Hm. Would be an option. Or just saying "A service is asking for permissions" etc., and after login all information is shown. But without a valid API we do not know if the client is registered. So we may want to check that in advance and otherwise not ask for a (useless) login.

Akron commented 1 year ago

Because this was implemented deliberately, I removed the "bug" label.

margaretha commented 1 year ago

I have updated the client info API. I have replaced the user authentication requirement with super client authentication. So the API can be called by a super client without login. See https://github.com/KorAP/Kustvakt/wiki/Service:-OAuth2-Client-Info

Please test it on the test instance.

Akron commented 1 year ago

While the mentioned behaviour is still in place, I'll close this issue now, because it shouldn't occur anymore with an updated backend.
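
The pre-login decision discussed in this thread, as an added example that is not Kalamar or Kustvakt code: resolve the client name before prompting for login, refuse unregistered clients, and fall back to neutral wording when the lookup fails. `lookupClient`, `loginNotice`, the client-id pattern, the English notice texts and the sample registry entry are all assumptions made for illustration.

```javascript
// Added illustration; not Kalamar or Kustvakt code. All names are hypothetical.

// Constructed stand-in for the backend's client registry, queried with
// super client credentials (no user token), as described in the thread.
const REGISTERED = new Map([
  ['xxxyyy', { name: 'Corpus Explorer <beta>' }],
]);

// Hypothetical lookup: resolves to client info, or null if not registered.
async function lookupClient(clientId) {
  return REGISTERED.get(clientId) ?? null;
}

// Escape text before it is placed into the HTML login notice, because the
// client name is chosen by whoever registered the client.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => (
    { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]
  ));
}

// Decide what a logged-out user sees for an authorization request.
async function loginNotice(query, lookup = lookupClient) {
  const clientId = query.client_id;
  // Assumed client-id shape; adjust to what the backend actually issues.
  if (typeof clientId !== 'string' || !/^[A-Za-z0-9_-]{1,128}$/.test(clientId)) {
    return { status: 400, notice: 'Invalid authorization request.' };
  }
  let client;
  try {
    client = await lookup(clientId);
  } catch (err) {
    // Backend unreachable: neutral wording, details are shown after login.
    return { status: 200, notice: 'A service is asking for permissions. Please log in.' };
  }
  if (client === null) {
    // Unregistered client: do not ask for a (useless) login.
    return { status: 400, notice: 'Unknown client.' };
  }
  return {
    status: 200,
    notice: `${escapeHtml(client.name)} is asking for permissions. Please log in.`,
  };
}
```

The raw `client_id` from the query string never reaches the notice; only the registered name does, and only after escaping.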