Closed hebasta closed 1 year ago
This is probably not a Kalamar bug but a limitation of Kustvakt. Both Client-List and Client-Info require a user auth token (in addition to a super client credentials for the list). So there is no way to fetch client information for logged out users. Can we allow both without, @margaretha ?
I would leave it as implemented for now.
Would it be an idea to change the message to: "Client with the client-id xy möchte Zugriffsrechte. Bitte melden Sie sich an."? That would be probably less confusing.
Hm. Would be an option. Or just saying "A service is asking for permissions" etc. and after log in all information is shown. But without a valid API we do not know, if the client is registered. So we may want to check that in advance and otherwise not asking for (useless) login.
Because this was implemented deliberately, I removed the "bug" label.
I have updated the client info API. I have replaced user authentication requirement with super client authentication. So the API can be called by a super client without login. See https://github.com/KorAP/Kustvakt/wiki/Service:-OAuth2-Client-Info
Please test it on the test instance.
While the mentioned behaviour is still in place, I'll close this issue now, because it shouldn't occur anymore with an updated backend.
An authorization request with an registered client has as an result a request to the user to log-in, but falsely here the client-id appears instead of the name of the client-application. For instance: https://korap.ids-mannheim.de/instance/test/settings/oauth/authorize?client_id=xxxyyy&scope=search,match -> Notice: "xxxyyy möchte Zugriffsrechte. Bitte melden Sie sich an"