octavian_krody
3 years ago (Guide)
How to authenticate REST API calls using technical users for server-to-server use (SSO enabled)?
Hello,
Been reading the docs, and for a community with SSO enabled we've seen 3 means of achieving REST API access.
- OAuth 2.0 authorization grant flow
"To make a fully-automated server-to-server API call, do not use OAuth; authenticate with a session key or SSO token instead."
So we cannot use `Api Apps` for our server-to-server needs.
- LithiumSSO token
"Place the encryption key on the user system server".
We cannot access that, as the IDP we are using is shared across many other instances; getting hold of a private key like that doesn't sound right to me.
We do not have access to the private key, maybe I read that wrong?
As per About SSO:
"Khoros issues the LithiumSSO libraries (Java, .NET, or PHP) and a unique encryption key for each deployment."
Where can we find the encryption key, as Admin > System > SSO has no such thing?
Does the client only work with your SSO provider or with any? I'm unsure if our community works directly with our IDP or goes through Lithium in the first place, as there is no information regarding this in the admin options.
Where can we see the source code for the provided jars?
- Session key
Works for users not having an SSO ID, with basic auth.
From what I can tell it seems that we can only use the Session key approach, is this correct?
octavian_krody, in this case you can use the session-key-based approach, as you want write/permission-based access.
It is okay for the two types to exist simultaneously, but that user can only use the API, as the default auth pages are blocked when SSO is enabled.
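A worked example of the session-key path recommended in the reply above, added here as illustration; it is not code from the thread, from the poster, or from Khoros. It assumes (verify against your deployment's API reference) that the v1 login call is `POST /restapi/vc/authentication/sessions/login` with form fields `user.login` and `user.password`, that a success response is `<response status="success"><value type="string">KEY</value></response>`, and that the returned key is passed to v1 calls as the `restapi.session_key` query parameter and to v2 calls in the `li-api-session-key` header. The technical user's credentials are read from the environment as a stand-in for a secret store, the sample responses are constructed, and a non-success response is turned into an exception rather than silently yielding an empty key.

```python
"""Session-key login for a technical user against a Khoros Community instance.

Added example, not from the original thread or from Khoros. The endpoint,
field names, response shape and header/parameter names are assumptions taken
from the public Community API v1/v2 documentation; confirm them for your
deployment before relying on them.
"""
import os
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
from urllib.request import Request, urlopen

LOGIN_PATH = "/restapi/vc/authentication/sessions/login"  # assumed v1 path


class SessionLoginError(RuntimeError):
    """Raised when the community returns a non-success login response."""


def build_login_request(base_url: str, login: str, password: str) -> Request:
    """Build the POST that exchanges the technical user's password for a session key.

    Credentials travel in the form body, never in the URL, so they stay out of
    proxy and web-server access logs.
    """
    url = base_url.rstrip("/") + LOGIN_PATH
    body = urlencode({"user.login": login, "user.password": password}).encode()
    return Request(
        url,
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def parse_session_key(xml_body: bytes) -> str:
    """Return the session key from a login response, or raise on any error status."""
    root = ET.fromstring(xml_body)
    if root.get("status") != "success":
        err = root.find("error")
        code = err.get("code", "?") if err is not None else "?"
        msg = err.findtext("message", "no message") if err is not None else "no message"
        raise SessionLoginError(f"login failed (code {code}): {msg}")
    value = root.findtext("value")
    if not value or not value.strip():
        raise SessionLoginError("success response without a session key")
    return value.strip()


def v1_url_with_session(url: str, session_key: str) -> str:
    """Attach the key to a v1 call as the restapi.session_key query parameter."""
    parts = urlsplit(url)
    query = dict(parse_qsl(parts.query))
    query["restapi.session_key"] = session_key
    return urlunsplit(parts._replace(query=urlencode(query)))


def v2_headers(session_key: str) -> dict:
    """Header form used for v2 (/api/2.0/...) calls; treat the key like a password."""
    return {"li-api-session-key": session_key}


def login(base_url: str) -> str:
    """Log in with credentials from the environment (a secret store in production)."""
    user = os.environ["COMMUNITY_API_USER"]
    password = os.environ["COMMUNITY_API_PASSWORD"]
    with urlopen(build_login_request(base_url, user, password), timeout=15) as resp:
        return parse_session_key(resp.read())


# Constructed sample responses; their shape is an assumption, not captured traffic.
SAMPLE_SUCCESS = b'<response status="success"><value type="string">AbC123xyz</value></response>'
SAMPLE_FAILURE = (
    b'<response status="error"><error code="302">'
    b"<message>User authentication failed.</message></error></response>"
)

if __name__ == "__main__":
    # Offline demonstration on the constructed responses; the real call is login().
    key = parse_session_key(SAMPLE_SUCCESS)
    print(v1_url_with_session("https://community.example.com/restapi/vc/boards", key))
    print(v2_headers(key))
    try:
        parse_session_key(SAMPLE_FAILURE)
    except SessionLoginError as exc:
        print("handled:", exc)
```

Session keys expire, so a long-running job should catch `SessionLoginError` (or an authentication error on a later call) and log in again rather than caching the key indefinitely; the key and the technical user's password should never be written to logs or checked into the job's configuration.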