Dear FIWARE coach, we forward you a support request received from a CreatiFI applicant we are not able to solve. Please let us know if you need direct contact with the submitter. Thanks. ********************************************************* We are using WStore for handling all store and purchase related aspects of our project. We are running WStore using the standard WStore image in fiware labs. For this, we need to authenticate on the WStore. Users will be created on our platform. As a result, what we need is a way to authenticate on WStore and linking that authenticated user (WStore-user) to the user on our platform (THEO-user). It is not possible for us to use the Keyrock idM GE Our initial approach to resolve this was to let WStore use oauth and the platforms authentication mechanism. However, after discussing with Francisco de la Vega, it would appear this is not implemented in WStore and additional extensions are to be made in order to integrate with an external identity management system. As we are not skilled python programmers and for maintenance reasons, we prefer not to extend WStore with support for this unless there is an easy way for this to be done (preferably with a working example and a list of the API calls to be provided by the platform). We attempted to make our platform mock the fiware Keyrock idM (and mimic the API and handlers), setting OILAUTH = True and FIWARE_IDM_ENDPOINT = ' http://auth.theoplayer.com:3000/login' in the settings.py file. This was unsuccessful as opening WStore resulted in the following error: WrongBackend at /login/fiware/ Incorrect authentication service "fiware" Request Method: GET Request URL: http://130.206.83.32/login/fiware/ Django Version: 1.4.13 Exception Type: WrongBackend Exception Value: Incorrect authentication service "fiware" Exception Location: /opt/wstore/src/virtenv/lib/python2.7/site-packages/social_auth/decorators.py in wrapper, line 28 Python Executable: /usr/bin/python Python Version: 2.7.6 Python Path: ['/opt/wstore/src/virtenv/lib/python2.7/site-packages', '/opt/wstore/src', '/usr/lib/python2.7', '/usr/lib/python2.7/plat-x86_64-linux-gnu', '/usr/lib/python2.7/lib-tk', '/usr/lib/python2.7/lib-old', '/usr/lib/python2.7/lib-dynload', '/usr/local/lib/python2.7/dist-packages', '/usr/lib/python2.7/dist-packages'] As a result, our new approach would be to use the WStore embedded authentication system. It would be possible to create a WStore-user using an API call when creating a THEO-user on our system using a random generated password and username. We understand this will require us to obtain an access token from an admin account (1). Once this WStore-user has been created and the THEO-user indicates he wants to perform a purchase, the platform will obtain an access token for the THEO-user's WStore-user account (2) and perform REST API calls in order to retrieve or update the information from WStore. As the WStore embedded authentication system is an oauth system, we were hoping to use Resource Owner Password Credentials Grant in order to obtain an access token for (1) or (2). However, it would appear this grant type is not implemented in WStore. It would appear there is no grant type available in WStore in order to retrieve an access token via server2server communication alone. As a final solution, we are now looking into injecting (or updating) access tokens directly in the WStore database and are looking into information on how this can be done. More specifically we are looking at the tables and records which should be updated/inserted in order to achieve this. Preferably, access tokens would be eternal with extremely high expiration times in order to reduce the number of WStore database manipulations. Would it be possible to provide us with information how we can integrate this authentication? The main preference is still to use our own platform authentication, but without updating WStore. Thanks ********************************************************* -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.fiware.org/private/fiware-creatifi-coaching/attachments/20150313/213d43a6/attachment.html>
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy