New API auth mechanism for SPA frontend requests to APIs (developers only for now) #9063
Labels
Feature: API
NIH OTA: 1.7.1 (reArchitecture)
7 | 1.7.1 | Research & architecture for separating backend and frontend to enable a flexible, sca...
pm.GREI-d-1.7.1
NIH, yr1, aim7, task1: Research & architecture for separating backend and frontend
User Role: API User
Makes use of APIs
Milestone
Overview of the Feature Request
In order to use a Single Page Application (SPA) architecture, the SPA (written in React, Vue, Angular, Web Components, etc.) needs to be able to authenticate against Dataverse APIs.
What kind of user is the feature intended for?
Frontend developers using React or similar.
What inspired the request?
https://github.com/GPortas/dataverse-react-poc by @GPortas relies on a fork of Dataverse at https://github.com/GPortas/dataverse/tree/session_api_auth that allows a JSESSIONID session cookie to be used to auth against the Dataverse APIs.
To use the words from the README:
"In particular, this PoC focuses on testing the following points:
It is necessary to locally deploy Dataverse with this branch: https://github.com/GPortas/dataverse/tree/session_api_auth
That branch has the JSESSIONID cookie Native API auth implemented, necessary for this PoC."
Any related code?
If we were to accept the changes as-is, they can be previewed here:
develop...GPortas:dataverse:session_api_auth
Any related open or closed issues?
The text was updated successfully, but these errors were encountered: