<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:08:10 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>
    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-765] Ability to fetch some configuration before logging in</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-765</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;
    &lt;a href=&quot;https://folio-org.atlassian.net/browse/STCOR-51&quot; title=&quot;Select a Translation Library for the Textual Elements in the UI&quot;&gt;STCOR-51&lt;/a&gt;
, to do with establishing the locale for Stripes, raises a more general problem.&lt;/p&gt;

&lt;p&gt;We fetch the locale from mod-configuration, which needs an Okapi authentication token so that it can establish whether the necessary permissions are associated with the user. (But also because we might well want to get a user-specific locale &amp;#8211; for example, a Spanish-speaking student at a primarily anglophone Texan university might prefer a Spanish-language FOLIO.)&lt;/p&gt;

&lt;p&gt;But we also need the locale &lt;em&gt;before&lt;/em&gt; login &amp;#8211; for example, so we know what language we should present the login message in. So we need the ability to query the configuration module both without and with a logged-in user.&lt;/p&gt;

&lt;p&gt;I&apos;d welcome thoughts on how we might achieve this: allowing non-logged-in access to (at least some of) mod-configuration, but without losing the option of doing user-specific mod-configuration options such as fetching a per-user locale &lt;em&gt;after&lt;/em&gt; login. For example, might we change mod-configuration so that certain properties &#8211; e.g. those with moduleName=GLOBAL &#8211; can be searched for and fetched with no permissions?&lt;/p&gt;

&lt;p&gt;I am filing this in the high-level FOLIO project because it&apos;s a cross-cutting issue with implications for the UI, the configuration module, and perhaps also for Okapi and the permissions system.&lt;/p&gt;</description>
                <environment></environment>
        <key id="79406">FOLIO-765</key>
            <summary>Ability to fetch some configuration before logging in</summary>
                <type id="10002" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10322?size=medium">New Feature</type>
                                            <priority id="10002" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p3.svg">P3</priority>
                        <status id="1" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/open.png" description="The issue is open and ready for the assignee to start work on it.">Open</status>
                    <statusCategory id="2" key="new" colorName="blue-gray"/>
                                    <resolution id="-1">Unresolved</resolution>
                                                        <assignee accountid="-1">Unassigned</assignee>
                                                                <reporter accountid="5bffed52a1b46046f530c8f7">Mike Taylor</reporter>
                                    <labels>
                    </labels>
                <created>Wed, 9 Aug 2017 08:49:24 +0000</created>
                <updated>Fri, 18 Jan 2019 12:47:53 +0000</updated>
                                                                                <due></due>
                            <votes>0</votes>
                                    <watches>8</watches>
                                                    <timespent seconds="3600">1 hour</timespent>
                                <comments>
                                                            <comment id="190866" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Wed, 9 Aug 2017 08:53:19 +0000"  >&lt;p&gt;I&apos;ll repeat my comment from STRIPES-447:&lt;/p&gt;

&lt;p&gt;Would fetching the &quot;locale&quot; information DURING login (as part of the login response) be enough? This can be done in mod-users-bl and would be aligned with the future direction for FOLIO (where locale can be set both on the tenant and user level).&lt;/p&gt;

&lt;p&gt;I am not in favor of a solution where we loosen (or circumvent) permission mechanism to fulfill specific use cases.&lt;/p&gt;</comment>
                                                            <comment id="190870" author="5bffed52a1b46046f530c8f7" created="Wed, 9 Aug 2017 09:13:48 +0000"  >&lt;p&gt;Nice idea, but in general we need configuration &lt;em&gt;before&lt;/em&gt; we log in &amp;#8211; for example, to choose the language of the Login page.&lt;/p&gt;

&lt;p&gt;I agree that loosening the permission model for a specific case is unappealing. But it doesn&apos;t seem unlikely that we will find other such cases down the line. Perhaps what we really need at this stage is a solid model for permissionless operations in general. (After all, we already have a class of special permissionless requests &amp;#8211; &lt;tt&gt;/_/proxy/modules&lt;/tt&gt;, for example.)&lt;/p&gt;

&lt;p&gt;One approach would be to have a new module, mod-anonymous-configuration, which simply has the relevant mod-configuration permissions in its module permissions, and which carefully forwards a well-defined subset of requests to the underlying mod-configuration.&lt;/p&gt;</comment>
                                                            <comment id="190873" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Wed, 9 Aug 2017 09:25:32 +0000"  >&lt;p&gt;We are closing the gap on /_ with the concept of &quot;internal module&quot; so all endpoints will be subject to permission checks (this will allow to reden okapi-console as a standard FOLIO app for example).&lt;/p&gt;

&lt;p&gt;I think we can agree that there is some tenant-level configuration that should be accessible to the UI immediately. Maybe it would make sense to &quot;inject&quot; that configuration into the UI bundle (since the bundle will be eventually generated per-tenant) during build?&lt;/p&gt;</comment>
                                                            <comment id="190875" author="712020:38d1a08f-86a8-4df2-9191-239b16b0a81a" created="Wed, 9 Aug 2017 09:26:22 +0000"  >&lt;p&gt;Hmm, as such there is no reason why a module could not serve requests without requiring the user to have any permissions. Such work all right without the user having logged in at all. That is exactly what happens with mod-login, the login request can obviously not have an auth token.&lt;/p&gt;

&lt;p&gt;Of course, when making a request without the token, you will have to pass the X-Okapi-Tenant header, so we know which tenant you are talking about. I understand the Stripes bundle has that information available, since it needs it for login requests. &lt;/p&gt;

&lt;p&gt;(As to the proxy/modules, some functions there will soon require permissions, as they well should. Just reading available modules should still be open for everyone, even without a token)&lt;/p&gt;</comment>
                                                            <comment id="190879" author="5bffed52a1b46046f530c8f7" created="Wed, 9 Aug 2017 09:30:42 +0000"  >&lt;p&gt;Yes, Stripes knows what tenant it is running for.&lt;/p&gt;

&lt;p&gt;Putting together the various things that have been said here, it seems like my suggestion of a mod-anonymous-configuration module proxying a subset of requests to mod-configuration may be the way to go: I think it will work without needing any changes to underlying code, and it makes use of existing mechanisms for eliding the permission requirements.&lt;/p&gt;</comment>
                                                            <comment id="190882" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Wed, 9 Aug 2017 09:39:20 +0000"  >&lt;p&gt;Not sure why we would need an entirely new module? Possibly, just an endpoint with no permissions for reading selected values.&lt;/p&gt;

&lt;p&gt;Still, referring to what Heikki said earlier &amp;#8211; yes, it&apos;s technically possible to have endpoints that require no authentication (no authorization can be of course allowed by not setting any permissions). But I don&apos;t think we should allow it &amp;#8211; there are reasons for wanting to track who is using a service, even if the service is open/require no permissions (audit, logging, etc).&lt;/p&gt;</comment>
                                                            <comment id="190886" author="5bffed52a1b46046f530c8f7" created="Wed, 9 Aug 2017 10:14:41 +0000"  >&lt;blockquote&gt;&lt;p&gt;Not sure why we would need an entirely new module? Possibly, just an endpoint with no permissions for reading selected values.&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;What I am referring to is a module with no functionality (apart from request filtering and pass-through) which would exist only to furnish the necessary module-permissions to the module doing the real work.&lt;/p&gt;

&lt;p&gt;One could easily imagine such a module existing in a form that is configured by a separate file, and deploying it as a front-end for many different &quot;real&quot; modules, as mod-anonymous-configuration, mod-anonymous-users, or whatever we found we needed. It seems like a good general-purpose mechanism that uses what we already have and needs minimal additional work.&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;yes, it&apos;s technically possible to have endpoints that require no authentication (no authorization can be of course allowed by not setting any permissions). But I don&apos;t think we should allow it &#8211; there are reasons for wanting to track who is using a service, even if the service is open/require no permissions (audit, logging, etc).&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Sure &amp;#8211; but the issue here is to do with accesses when &lt;em&gt;there is no user&lt;/em&gt;. As in the motivating example of deciding what locale to use when presenting the login screen.&lt;/p&gt;</comment>
                                                            <comment id="190889" author="712020:32bb56ac-50e7-4787-b4af-ed3089d9401c" created="Wed, 9 Aug 2017 11:00:59 +0000"  >&lt;p&gt;a question - i may be off with this, but - i assume a tenant may want a custom login screen (with the institution&apos;s logo? whatever...)&lt;br/&gt;
how is this handled? - and can a default locale be handled in the same way for the institution - after initial sign-in by the user belonging to that tenant - they can configure a default language and this is saved locally (cookie, or something) for pending login attempts (requests for the login screen and then be accompanied by the preferred locale&lt;/p&gt;</comment>
                                                            <comment id="190891" author="5bffed52a1b46046f530c8f7" created="Wed, 9 Aug 2017 11:03:59 +0000"  >&lt;p&gt;Tenant-wide customisation like this &lt;em&gt;could&lt;/em&gt; be hardwired into the JS bundle that we generate for the tenant; or (more elegant, I think) it could be determined by tenant-level configuration information drawn from mod-configuration.&lt;/p&gt;

&lt;p&gt;But when you ask &quot;how is this handled?&quot; (as in, today) the answer is &quot;it&apos;s not&quot;. That is part of what we&apos;re designing here and now &lt;img class=&quot;emoticon&quot; src=&quot;/images/icons/emoticons/smile.png&quot; height=&quot;16&quot; width=&quot;16&quot; align=&quot;absmiddle&quot; alt=&quot;&quot; border=&quot;0&quot;/&gt;&lt;/p&gt;
</comment>
                                                            <comment id="190895" author="557058:ff6a9612-bb35-41b2-88a8-a5b66d0a41a0" created="Wed, 9 Aug 2017 12:03:53 +0000"  >&lt;p&gt;I don&apos;t know much about how the backend is structured but I like the separate module idea. It could be potentially used for other public things in the future. Another approach here could be to just make the locale configurable from stripes (in a similar fashion to the tenant).&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="61633">STCOR-51</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                    <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10144"><![CDATA[Core: Platform]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|hzxx1z:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 9 Aug 2017 08:53:19 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                </customfields>
    </item>
</channel>
</rss>