Using token based authentication to login to the UI of JSReport



  • Hi, we're planning on using jsreport with token based authentication for both the API and the UI. I understand how it's supposed to work for the API side, but im not sure if it's possible to skip filling in your username/password when redirected through our web-application to JSReport.

    Some background: our application has 2 sides the consumer side is where we use the users bearer token to retrieve reports from JSReport. However there's also an admin side where admins are allowed to modify/create reports. We also want to make it possible for our admins to be redirected to JSReport without logging in, is this possible?


  • administrators

    hi! i see, hmm as far i can remember the token based authentication is only applied to the jsreport http API, the jsreport UI does not support it and it needs the normal login flow with user and password, so for now it is not possible. we introduced the token based auth as an experiment to see how many people were interested in it, so we did not cover the jsreport UI for token based auth, maybe in future we will add it.



  • Thank you for your reply. The solution im leaning towards right now is to let users use the same username/password as our main web application and write a custom plugin for verifying the users credentials.
    Does this sound feasible to you?
    Do you know if anything like this has been done before?


  • administrators

    Thank you for your reply. The solution im leaning towards right now is to let users use the same username/password as our main web application and write a custom plugin for verifying the users credentials.
    Does this sound feasible to you?
    Do you know if anything like this has been done before?

    yes, sounds good. we have done something like that in jsreportonline, in which we read users information from a different db. you can find the code here and specifically here is the part in which we start to add custom logic for custom authentication, of course you will need to analyze the full file (and probably other files too) to be able to understand it.

    it will be nice that adding such custom logic for authentication could be pluggable directly in jsreport-authentication so it will be more easy to customize for different cases. i will propose it and discuss it internally and maybe we can implement that in future to make it more easy.



  • Sounds great, ill dig into it!



  • A follow up question, is it possible to give every user who has access to jsreport access to everything (so without having to give access to each person for each file individually) with the authentication plugin enabled.
    Or perhaps to assign a user to a certain tag as a way to function as a user group?


  • administrators

    is it possible to give every user who has access to jsreport access to everything (so without having to give access to each person for each file individually) with the authentication plugin enabled

    yes, i think you can do that, by opening the user and checking these two fields

    0_1536078426967_Captura de pantalla 2018-09-04 a las 11.26.19 a.m..png

    so you will only need to activate the two fields instead of listing all entities for permissions.



  • Perfect that should do as a phase 1 implementation


Log in to reply
 

Looks like your connection to jsreport forum was lost, please wait while we try to reconnect.