Hi All,
Please I would like to know if is it possible to add authentification directly in URL
Example: username:password@[dhisUrl]/api/…
Best
Hi All,
Please I would like to know if is it possible to add authentification directly in URL
Example: username:password@[dhisUrl]/api/…
Best
Hi Hakim
No, that is not possible and would not be a good idea since your credentials would be visible in the request itself.
You will need to use a basic authentication header for this as described in the manual:
https://docs.dhis2.org/master/en/developer/html/webapi_authentication.html
Regards,
Jason
Jason P. Pickering
email: jason.p.pickering@gmail.com
tel:+46764147049
ok I see the point of view
thank you jason!
2018-06-08 9:35 GMT+00:00 Jason Pickering jason.p.pickering@gmail.com:
Hi Hakim
No, that is not possible and would not be a good idea since your credentials would be visible in the request itself.
You will need to use a basic authentication header for this as described in the manual:
https://docs.dhis2.org/master/en/developer/html/webapi_authentication.html
Regards,
Jason
On Fri, Jun 8, 2018 at 11:19 AM DJIBRIL Hakim djib.hakim@gmail.com wrote:
Hi All,
Please I would like to know if is it possible to add authentification directly in URL
Example: username:password@[dhisUrl]/api/…
Best
Mailing list: https://launchpad.net/~dhis2-devs
Post to : dhis2-devs@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-devs
More help : https://help.launchpad.net/ListHelp
Jason P. Pickering
email: jason.p.pickering@gmail.com
tel:+46764147049
–
This is not really a dhis2 thing so much as a change in browser
behaviour. In times gone by when you presented a url like
"https://admin:district@play.dhis2.org/dev/api/me" the browser would
take that url and create the basic authentication header that Jason
refers to.
After a couple of wobbles along the way since 2014, this is no longer
the default behaviour on any of the major browsers. Its really
because URLs find themselves in history, bookmarks, log files etc.
which are not appropriate places to be storing credentials.
(sections 3.2.1 and 7.5 of https://www.ietf.org/rfc/rfc3986.txt\)
Chrome held out the longest, but is now also compliant with the new behaviour.
On 8 June 2018 at 10:51, DJIBRIL Hakim <djib.hakim@gmail.com> wrote:
ok I see the point of view
thank you jason!2018-06-08 9:35 GMT+00:00 Jason Pickering <jason.p.pickering@gmail.com>:
Hi Hakim
No, that is not possible and would not be a good idea since your
credentials would be visible in the request itself.
You will need to use a basic authentication header for this as described
in the manual:Regards,
JasonOn Fri, Jun 8, 2018 at 11:19 AM DJIBRIL Hakim <djib.hakim@gmail.com> >> wrote:
Hi All,
Please I would like to know if is it possible to add authentification
directly in URL
Example: username:password@[dhisUrl]/api/.....Best
_______________________________________________
Mailing list: DHIS 2 developers in Launchpad
Post to : dhis2-devs@lists.launchpad.net
Unsubscribe : DHIS 2 developers in Launchpad
More help : ListHelp - Launchpad Help--
Jason P. Pickering
email: jason.p.pickering@gmail.com
tel:+46764147049_______________________________________________
Mailing list: DHIS 2 developers in Launchpad
Post to : dhis2-devs@lists.launchpad.net
Unsubscribe : DHIS 2 developers in Launchpad
More help : ListHelp - Launchpad Help
Hi Djibril,
just a note, GET requests / URLs are often cached by intermediary caches/proxies/servers on the web (as per the HTTP spec) so if you do this you should consider your credentials to be public knowledge.
regards,
Lars
Lars Helge Øverland
Technical lead, DHIS 2
University of Oslo