
Authentication problem

  • #80981

    RDA Admin
    Member

    Dear all,
    In the API, we have read and write calls to the same endpoint. For example:
    /collections/{id}/members/
    When sending a GET request, it means “Get the members in that
    collection”. If sending a POST, it means “Add a new member to this
    collection”.
    When having only one endpoint for both kinds of operations, any
    differentiation between read/write calls has to be done *on the
    application level*. In other words, it has to be *implemented* in the
    instance of the collection API. It is no longer possible to just put
    write functionality behind Shibboleth, OpenID or whatever and leave the
    read functionality without such an authorization.
    And as far as I know, it is not possible to make already on the level of
    an AAI solution a differentiation between GET on the one hand and POST,
    PUT, DELETE calls on the other hand …?
    Best,
    Tom
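
An added example, not part of the original post or of the collection API itself: one way to make the read/write distinction at the application level for the `/collections/{id}/members/` endpoint. It assumes the AAI front end passes an authenticated identity in `REMOTE_USER` and leaves it unset for anonymous requests; `WRITERS`, `authorize` and `require_write_auth` are hypothetical names.

```python
import re

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
WRITE_METHODS = {"POST", "PUT", "DELETE"}
MEMBERS_ROUTE = re.compile(r"^/collections/(?P<id>[^/]+)/members/?$")

# Constructed sample policy: collection id -> identities allowed to modify it.
WRITERS = {"c1": {"tom@example.org"}}

REASONS = {401: "401 Unauthorized", 403: "403 Forbidden",
           404: "404 Not Found", 405: "405 Method Not Allowed"}


def authorize(method, path, user):
    """Decide on one request; returns 200, 401, 403, 404 or 405."""
    match = MEMBERS_ROUTE.match(path)
    if not match:
        return 404
    method = method.upper()
    if method in SAFE_METHODS:
        return 200  # read calls stay open to anonymous clients
    if method not in WRITE_METHODS:
        return 405  # unknown verbs are refused, not treated as reads
    if not user:
        return 401  # write call without an authenticated identity
    if user not in WRITERS.get(match.group("id"), set()):
        return 403  # authenticated, but not a writer for this collection
    return 200


def require_write_auth(app):
    """WSGI middleware that runs authorize() before the wrapped application."""
    def middleware(environ, start_response):
        # Assumption: the AAI layer sets REMOTE_USER only for logged-in users.
        status = authorize(environ["REQUEST_METHOD"],
                           environ.get("PATH_INFO", ""),
                           environ.get("REMOTE_USER"))
        if status != 200:
            start_response(REASONS[status], [("Content-Type", "text/plain")])
            return [REASONS[status].encode()]
        return app(environ, start_response)
    return middleware
```

Verbs outside both sets are rejected rather than falling through to the read path, so a new method added to the API later does not silently bypass the write check.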
