Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create API Token programmatically (not through UI) #7005

Closed
syats opened this issue Jun 21, 2020 · 5 comments
Closed

Create API Token programmatically (not through UI) #7005

syats opened this issue Jun 21, 2020 · 5 comments

Comments

@syats
Copy link

syats commented Jun 21, 2020

I have several DV users authenticated using an OAuth 2.0 provider.

They want to retrieve, via API, un-published datasets, but it would be necessary that they only have access to documents as per the DV access controls.

Right now, the only way to do this is to have them go into the DV UI, log in (using OAuth), fetch their token, and do the API requests using this token. Of course, they would have to do this everytime the token expires, and would have to keep the token themselves, effectively negating the use of OAuth.

Is there a way for them to programatically get their API token using their OAuth credentials?

One way to achieve this would be to have OAuth 2.0 tokens be used as DV tokens, and then use the standard bearer token header that APIs using OAuth2.0 use.

I see in the dataverse-android repo that there was an idea to do this at some point, but the issue was closed without this functionality. Or am I missing something?

Thanks,
V.

@djbrooke
Copy link
Contributor

Hey @syats, I don't think there's a way to get an API token programmatically. This seems like a good idea but I'm not sure of the technical details of the implementation. I'll update the title of this issue to more closely match your bold text above.

@djbrooke djbrooke changed the title API access for OAuth 2.0 users, possible? Create API Token programmatically (not through UI) Jun 22, 2020
@pdurbin
Copy link
Member

pdurbin commented Jun 22, 2020

everytime the token expires

@syats I'm not sure how much this helps but it's at least possible to re-create your API token via API: http://guides.dataverse.org/en/4.20/api/native-api.html#users-token-management

During the Dataverse Community Meeting last week we were reminded that people want more flexibility with regard to API tokens. In particular, there are times when people don't want to be using the regular, full power API token. They only want to use something that gives them read only access to download files, for example.

@pdurbin
Copy link
Member

pdurbin commented Oct 1, 2022

They only want to use something that gives them read only access to download files, for example.

Related:

@cmbz
Copy link

cmbz commented Aug 20, 2024

To focus on the most important features and bugs, we are closing issues created before 2020 (version 5.0) that are not new feature requests with the label 'Type: Feature'.

If you created this issue and you feel the team should revisit this decision, please reopen the issue and leave a comment.

@cmbz cmbz closed this as completed Aug 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants