Open mikebell opened 8 years ago
I've explored OAuth a bit more and I'm 99% sure this is the way to go.
My next issue is finding out why simple API calls are being rejected as not authorised. I wonder if this has something to do with OpenID.
Nope not OpenID, I have a sample site working with Basic Auth though.
Figured it out and I needed to enable oauth in the Rest UI.
Here is a breif overview of my plans:
This is a good start to allowing users to be updated from other systems.
There is an issue with creating new users, they require google sign in, to get around this create a new user using drush and specify the --password flag. The new user will need to be assigned to the API role and then a new consumer key/secret will need to be generated.
PR for the work - https://github.com/wunderkraut/wunderhub/pull/66
Users need to have CRUD (minus D?) operations exposed to an API endpoint.
This needs to be as secure as possible. Drupal 8 currently supports the follwong types of authentication out of the box:
Are there other modules available to provide authentication providers? Is OA1 or HTTP Basic Auth enough?