Add Support for D2IR API Integration with INN-Reach Resource Sharing Systems (UXPROD-2598)

[UXPROD-2672] Implement "Third Party" OAuth2 Token Endpoint for D2IR (INN-Reach) Created: 21/Sep/20  Updated: 27/Oct/21  Resolved: 13/Oct/21

Status: Closed
Project: UX Product
Components: None
Affects versions: None
Fix versions: Kiwi (R3 2021)
Parent: Add Support for D2IR API Integration with INN-Reach Resource Sharing Systems

Type: New Feature Priority: P1
Reporter: Brooks Travis Assignee: Brooks Travis
Resolution: Done Votes: 0
Labels: consortia
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Defines
is defined by EDGINREACH-2 Provide "Third Party" OAuth2 Token En... Closed
is defined by MODINREACH-1 Store an API Key and Secret Pair for ... Closed
is defined by MODINREACH-41 Provide API to Store an API Key and S... Closed
is defined by UIINREACH-4 INN-Reach General Settings: Central S... Closed
Requires
is required by UXPROD-2711 Implement Required Local Requests-rel... Closed
is required by UXPROD-2761 Implement Required Local Circulation-... Closed
is required by UXPROD-2763 Implement Required Local API Endpoint... Closed
Epic Link: Add Support for D2IR API Integration with INN-Reach Resource Sharing Systems
Development Team: Volaris
PO Rank: 99
PO Ranking Note: This is required before any communication can occur between the Central INN-Reach/D2IR server and FOLIO.
Rank: Chicago (MVP Sum 2020): R4
Rank: Cornell (Full Sum 2021): R5
Rank: Duke (Full Sum 2021): R5
Rank: 5Colleges (Full Jul 2021): R5
Rank: GBV (MVP Sum 2020): R5
Rank: Grand Valley (Full Sum 2021): R2
Rank: MO State (MVP June 2020): R2
Rank: TAMU (MVP Jan 2021): R5
Rank: U of AL (MVP Oct 2020): R5

Description

Current situation or problem:
The Direct to INN-Reach (D2IR) APIs require a Bearer Auth token for authentication, and the central server must request such a token from FOLIO prior to calling any D2IR API endpoints provided by FOLIO. Regardless of how D2IR integration is implemented in FOLIO, the module(s) will need to provide a facility to issue Bearer Auth tokens to the central server, with these requirements:

An API Key and Secret, which should be concatenated together with a ":" and then base64-encoded.

Content-type header: application/x-www-form-urlencoded

grant_type: client_credentials&scope=innreach_tp

Here is an example from the API Documentation (v2.3, pg. 8):

curl -X POST http://rd-mock.polarislibrary.com/innreach/v2/oauth2/token \
   -H 'Accept: application/json' \
   -H 'Authorization: Basic ZmQ1OTdlXmItMjNkLS00ZWZiLAE0ZjUtN2Y2NJFhNDc2Njk2OjVhMjcxMjdhLUk0YmUtNGJhYi05MDMzLWI1MmFjMzkxOTQ3Yg==' \
   -H 'Content-Type: application/x-www-form-urlencoded' \
   -d 'grant_type=client_credentials&scope=innreach_tp'

Sample response:

{
"access_token": "06b42df732f628ae2c3764d86073cd76", 
"token_type": "Bearer",
"expires_in": 599
}

Tokens are valid for 600 seconds. Expired tokens result in a "401 Unauthorized" response.

Note: Endpoints should be versioned (/innreach/v1, /innreach/v2, etc.)
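
A sketch of the server-side checks this request format implies, added here as an illustration and not taken from FOLIO's modules or the D2IR documentation. The credential store, the hashed-secret storage, the in-memory token table and the names issue_token and check_bearer are assumptions, and header names are assumed to arrive in canonical case.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import parse_qs

TOKEN_TTL = 600  # seconds a token stays valid, per the description above
# Constructed sample store: API key -> SHA-256 hex of its secret (assumed scheme).
CREDENTIALS = {"sample-key": hashlib.sha256(b"sample-secret").hexdigest()}
_tokens = {}  # access_token -> expiry in epoch seconds (in-memory for the example)


def issue_token(headers, body, now=None):
    """Validate a client_credentials request; return (http_status, json_dict)."""
    now = time.time() if now is None else now
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if ctype != "application/x-www-form-urlencoded":
        return 400, {"error": "invalid_request"}
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    try:
        raw = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
        key, sep, secret = raw.partition(":")  # split on the first ":" only
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return 401, {"error": "invalid_client"}
    if scheme.lower() != "basic" or not sep:
        return 401, {"error": "invalid_client"}
    supplied = hashlib.sha256(secret.encode()).hexdigest()
    # Constant-time comparison; an unknown key compares against "" and fails.
    if not hmac.compare_digest(CREDENTIALS.get(key, ""), supplied):
        return 401, {"error": "invalid_client"}
    form = parse_qs(body)
    if form.get("grant_type") != ["client_credentials"]:
        return 400, {"error": "unsupported_grant_type"}
    if form.get("scope") != ["innreach_tp"]:
        return 400, {"error": "invalid_scope"}
    token = secrets.token_hex(16)  # opaque 32-hex-char token from the CSPRNG
    _tokens[token] = now + TOKEN_TTL
    return 200, {"access_token": token, "token_type": "Bearer",
                 "expires_in": TOKEN_TTL}


def check_bearer(headers, now=None):
    """Return 200 for a known, unexpired Bearer token, otherwise 401."""
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or token not in _tokens:
        return 401
    if now >= _tokens[token]:
        del _tokens[token]  # drop expired tokens so the table does not grow
        return 401
    return 200
```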

In scope
API Endpoint to provide OAuth2 Bearer Tokens to a client based on supplied Base64-encoded key/secret pair.

Out of scope
API client for requesting OAuth2 Bearer Tokens from Central Server based on supplied Base64-encoded key/secret pair

Questions

  • How are key/secret pairs generated, stored, invalidated?
  • How do we verify provided tokens?
  • How does authorization interact with FOLIO's built-in permissions?

Generated at Fri Feb 09 00:25:54 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.