return user id (UUID) in the X-Okapi-User-Id header

Description

We need this information for audit/logging purposes, e.g. to register operatorId for the loan objects.

Environment

None

Potential Workaround

None

Activity

Jakub Skoczen August 3, 2017 at 12:55 PM

It was also added to the token as user_id.

Jakub Skoczen July 27, 2017 at 1:42 PM

Guys, just a note that the X-Okapi-User-Id should include the UUID of the user (not the user login name, since we are dropping its use as a foreign key, see https://folio-org.atlassian.net/browse/MODUSERS-30#icft=MODUSERS-30).

Will this also mean that the contents of the token changes?

Heikki Levanto July 27, 2017 at 11:44 AM

Just like with the tenant-Id, mod-authtoken should check that if it sees an X-Okapi-User-Id header, then the value should match the one in the token. That way, malicious clients can try to set up a different one, and we will catch them. If it does not see an X-Okapi-User-Id header, it should just extract the value from the token, and return that in X-Okapi-User-Id.

Done
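
The header check described in the comments above, sketched as an added example (this is not mod-authtoken's code, which this page does not show). It assumes an HS256-signed JWT with a constructed key; the `user_id` claim name comes from the comments, and all function names are hypothetical.

```python
import base64, hashlib, hmac, json

USER_ID_HEADER = "X-Okapi-User-Id"
SECRET = b"constructed-demo-key"  # constructed for this example, not a real key

class AuthError(Exception):
    """The request must be rejected."""

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict, key: bytes = SECRET) -> str:
    """Build an HS256 JWT; used only to construct sample input."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def verified_claims(token: str, key: bytes = SECRET) -> dict:
    """Return the claims only after the signature has been verified."""
    try:
        head, body, sig = token.split(".")
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            raise AuthError("bad token signature")
        claims = json.loads(_b64url_decode(body))
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise AuthError("malformed token") from exc
    if not isinstance(claims, dict):
        raise AuthError("malformed token")
    return claims

def resolve_user_id(headers: dict, token: str) -> dict:
    """Return the headers to pass on, with X-Okapi-User-Id taken from the token."""
    user_id = verified_claims(token).get("user_id")
    if not user_id:
        raise AuthError("token carries no user_id")
    # Header names are case-insensitive; a client-supplied value must match the token.
    name = USER_ID_HEADER.lower()
    if any(v != user_id for k, v in headers.items() if k.lower() == name):
        raise AuthError("X-Okapi-User-Id does not match token")
    passed_on = {k: v for k, v in headers.items() if k.lower() != name}
    passed_on[USER_ID_HEADER] = user_id  # always the token's value, never the client's
    return passed_on
```

Downstream modules can then read the header for audit fields such as operatorId without parsing the token themselves, provided they are reachable only through the component that performs this check.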

Created July 26, 2017 at 9:18 AM
Updated August 3, 2017 at 12:55 PM
Resolved July 31, 2017 at 5:01 PM