User IDs

[GeoDirk]

Within the Project object are the NonObserverUsers. That is a list of strings which apparently is the concatenation of First and Last names. As we develop our online repository for holding alignments, we would like to be able to positively identify each user who can access the alignments with each project.

Is there more to each user other than this identifier? Something like a GUID or unique email that we can link back to? Is this firstname/lastname combination case sensitive? From trying to add in new users into the Paratext registry, it appears that you cannot add in another user with the same user name combination of First and Last names (case insensitive).

If this is all that there is for the user, as we move alignment data online, we'll need something more robust that has some sort of authentication along with it.

Thanks,

[tombogle]

I'll let someone from the Paratext team address the technical aspects of your question as to what information might be held by Paratext for each registered user. One thing to keep in mind as you work out your solution is the legal aspect of storing PII about users. You'll especially want to ensure you are compliant with GDPR and similar privacy laws. I might be telling you something you already know, so my apologies. Just want to be sure our plugin community continues to be a safe place for users.

[FoolRunning]

Yes, for better or (mostly) worst, users are only identified inside a project via their username. We do authenticate for access to the Paratext Registry and users need a code from the Registry to use Paratext so users using Paratext are indirectly authenticated.

EDIT: FWIW, this has been the case for 20-ish years - way before the GDPR was a thing. To change it now requires a massive change to both the project data and internal Paratext code. Also, the last time we did something that required all projects to upgrade to a different data format, we got a lot of pushback from our users and it took over two years to get every project to convert, so we've been avoiding it.

[FoolRunning]

One option for authentication of a Paratext user is to use the Paratext Registry REST API.

[GeoDirk]

@FoolRunning @tombogle

This is very helpful. Thanks much!

[GeoDirk]

@FoolRunning

I tried using the referenced API to login and I'm getting 401 errors. Here is my attempt. A coworker used his codes and got the same error.

terrauser@GTT-BEAST:~$ USERNAME=Dirk-Kaiser
terrauser@GTT-BEAST:~$ REGISTRY_CODE=XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX
terrauser@GTT-BEAST:~$ CONCATED_CREDS="$USERNAME:$REGISTRY_CODE"
terrauser@GTT-BEAST:~$ ENCODED_CREDS=`echo $CONCATED_CREDS | base64`
terrauser@GTT-BEAST:~$ echo $CONCATED_CREDS
Dirk-Kaiser:XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX
terrauser@GTT-BEAST:~$ echo "Authorization: Basic $ENCODED_CREDS";
Authorization: Basic RGlyay1LYWlzZXI6WFBPXRAzLTZSN0E1UC0wQkM4NzItQ1pQV1RULUFWNUY4OAo=
terrauser@GTT-BEAST:~$ wget https://registry.paratext.org/api8/ \
header=">   --header="Authorization: Basic $ENCODED_CREDS"

--2022-06-08 11:11:17--  https://registry.paratext.org/api8/
Resolving registry.paratext.org (registry.paratext.org)... 54.235.68.98
Connecting to registry.paratext.org (registry.paratext.org)|54.235.68.98|:443... connected.
HTTP request sent, awaiting response... 401 Unauthorized

Username/Password Authentication Failed.

Am I doing this wrong or is the documentation wrong? If you don't know, is there someone else who you could pass me over to?

[jwickberg]

I tried this endpoint: https://registry.paratext.org/api8/my/projects

This should give back the projects you have access to as a JSON array. I confirmed that this worked for me by using the browser - you will be requested to enter a user name and password which is your Paratext user name and registration code.

I couldn't get the wget to work doing what I thought would be the equivalent. I'll have to contact a person who knows the server code better.

There is a section in the API documentation about 3rd party access which describes using JWT tokens or OAUTH. I think you'll probably need to go this route.

[jwickberg]

I'm not that familiar with wget, but I noticed it does support --user and --password arguments. When I use those, wget does work with the query for projects. It looks like wget sends a request which gets a 401 and then sends a second request. Not sure why.

[GeoDirk]

@jwickberg

Thanks, I've been able to get it to work in the browser and in Postman using the methods you suggested. One thing I noticed is that the Username argument is case sensitive.

The API Docs probably should be modified as they say that you have to jump through a few different hoops:

Access on behalf of Paratext

When Paratext accesses the Registry it will always pass the username and registrationCode to the HTTP request. The Registry will verify the user and registration code in order to authenticate the request.

The user name and registration code will be included in the HTTP Authorization header, as the base64-encoded string of username:registrationCode (separated by colon), for example: