search

loris-imageserver / loris

Loris IIIF Image Server
Other
209 stars 87 forks source link

documentation for Auth? #502

Open dvhassel opened 4 years ago

dvhassel commented 4 years ago

Hi,

is there any documentation floating around on using IIIF Auth with Loris? I'm trying to get this working with the SimpleFSResolver, without any luck so far unfortunately.

I have created the rules.json file for my test image (test1.jp2 and test1.rules.json live in the same directory) and added use_auth_rules=True to the [resolver] section of loris2.conf.

This is being picked up as I can see in the log: [DEBUG]: resolver.use_auth_rules=True

However, test1.jp2/info.json does include the extraInfo from test1.rules.json. It doesn't seem to be a caching issue.

Any suggestions?

bcail commented 4 years ago

@dvhassel have you set up the authorizer section of your loris2.conf? This is an example config from webapp.py: config['authorizer'] = { "impl": "loris.authorizer.RulesAuthorizer", "cookie_secret": b"4rakTQJDyhaYgoew802q78pNnsXR7ClvbYtAF1YC87o", "token_secret": b"hyQijpEEe9z1OB9NOkHvmSA4lC1B4lu1n80bKNx0Uz0=", "roles_key": "roles", "id_key": "sub", }

dvhassel commented 4 years ago

hi, no I didn't. I have this now in loris2.conf:

[authorizer]
impl = 'loris.authorizer.RulesAuthorizer'
cookie_secret = b'4rakTQJDyhaYgoew802q78pNnsXR7ClvbYtAF1YC87o'
token_secret = b'hyQijpEEe9z1OB9NOkHvmSA4lC1B4lu1n80bKNx0Uz0='
roles_key = 'roles'
id_key = 'sub'

The rules.json:

{
    "extraInfo": 
    {
        "service" : {
        "@context": "http://iiif.io/api/auth/1/context.json",
        "@id": "http://<ip-to-loris>/clickthrough",
            "profile": "http://iiif.io/api/auth/1/clickthrough",
            "label": "Terms of Use for Example Institution",
            "header": "Restricted Material with Terms of Use",
            "description": "<span>... terms of use ... </span>",
            "confirmLabel": "I Agree",
            "failureHeader": "Terms of Use Not Accepted",
        "failureDescription": "You must accept the terms of use to see the content.",
         "service": [
                {
                    "@context": "http://iiif.io/api/auth/1/context.json", 
                    "@id": "http://<ip-to-loris>/token",
                    "profile": "http://iiif.io/api/auth/1/token"
                }
            ]
        }
    }
}

in the log I can see this now: (loris.authorizer) [DEBUG]: Called is_protected with {'extraInfo': {'service (...)

but nothing in /info.json.

Step-by-step I guess?