Add Support for D2IR API Integration with INN-Reach Resource Sharing Systems (UXPROD-2598)

[UXPROD-2673] Implement Oauth2 Consumer for Requesting D2IR (INN-Reach) OAuth2 Tokens Created: 21/Sep/20  Updated: 17/Mar/22  Resolved: 24/Sep/21

Status: Closed
Project: UX Product
Components: None
Affects versions: None
Fix versions: Kiwi (R3 2021)
Parent: Add Support for D2IR API Integration with INN-Reach Resource Sharing Systems

Type: New Feature Priority: P1
Reporter: Brooks Travis Assignee: Brooks Travis
Resolution: Done Votes: 0
Labels: consortia
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Defines
is defined by MODINREACH-9 Store INN-Reach/D2IR API Oauth2 Keys ... Closed
Requires
is required by UXPROD-2764 Record Contribution Enhancements/Ongo... Closed
is required by UXPROD-3615 Record Contribution Enhancements ("Bi... Closed
is required by UXPROD-2765 Contribute Inventory Item Records ("I... Closed
is required by UXPROD-2777 INN-Reach: Submit Local Server Locati... Closed
is required by UXPROD-2778 Manage a Map of Local Patron Groups t... Closed
is required by UXPROD-2779 Retrieve List of Local Servers in an ... Closed
is required by UXPROD-2782 Handle Check-In of INN-Reach Items Closed
is required by UXPROD-2783 Handle Recall of INN-Reach Loans By P... Closed
is required by UXPROD-2786 Handle Checkout of INN-Reach Items Fr... Closed
is required by UXPROD-2787 Handle INN-Reach Borrower Renewal Req... Closed
is required by UXPROD-2788 Handle "Move Request" Action on INN-R... Closed
is required by UXPROD-2789 Handle "Claimed Returned" on INN-Reac... Closed
Epic Link: Add Support for D2IR API Integration with INN-Reach Resource Sharing Systems
Development Team: Volaris
PO Rank: 100
Rank: Chicago (MVP Sum 2020): R4
Rank: Cornell (Full Sum 2021): R5
Rank: Duke (Full Sum 2021): R5
Rank: 5Colleges (Full Jul 2021): R5
Rank: GBV (MVP Sum 2020): R5
Rank: Grand Valley (Full Sum 2021): R2
Rank: MO State (MVP June 2020): R2
Rank: TAMU (MVP Jan 2021): R5
Rank: U of AL (MVP Oct 2020): R5

 Description   

Current situation or problem:
In order to make D2IR API called to the central INN-Reach server, FOLIO must have a valid Bearer Auth token. These tokens are generated by POSTing a request to a configuration-specified API endpoint using a client key and secret combination. Key and secret should be concatenated together using a ":" and base64 encoded.

Sample request:

curl -X POST https://rssandbox-api.iii.com/auth/v1/oauth2/token -H 'Authorization: Basic YjU0ZTU2YzgtMGNlNi00MzhjLTk3NzktYzcyMWIxY2RjMz ZhOjFjYjQ4YjNmLTE1OTAtNDc0YS1iMDhhLWZjNDRlMjczMTlmOQ=='
   -H 'Content- Type: application/x-www-form-urlencoded'
   -d 'grant_type=client_credentials&scope=innreach_tp'

Sample Response:

{
"access_token": "06b42df732f628ae2c3764d86073cd76", 
"token_type": "Bearer",
"expires_in": 599
}

Issued tokens are valid for 600 seconds. Expired tokens result in a 401 Unauthorized response from the server. Client should handle these responses and request a new token when needed.

In scope
API client for requesting OAuth2 Bearer Tokens from Central Server based on supplied Base64-encoded ket/secret pair

Out of scope
API Endpoint to provide OAuth2 Bearer Tokens to a client based on supplied Base64-encoded key/secret pair.

Use case(s)
All API calls from FOLIO to INN-Reach central server require an Oauth2 Bearer Authentication token to be included in the request headers. FOLIO must request a new token before attempting any other API calls.

Proposed solution/stories
Given a known API key/secret combination issued by the INN-Reach Central Server, the edge-inn-reach module should issue a request to the Central Server Oauth2 api to request a valid Bearer Auth token and store it for subsequent use, and request a new token when the previous one expires.

Questions

  • How do we store the API key/secret pair issues by the D2IR Central Server?
  • Should a new token be requested for each transaction with the server, or stored and re-used until expiration?

Generated at Fri Feb 09 00:25:55 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.