[arvados-dev] API Authentication Options from C#

Albrecht, Tom tom.albrecht at roche.com
Wed Jul 19 02:31:49 EDT 2017 

Hi Tom,

thanks so much for taking time to answer my question. As far as I
understand, you describe the login procedure laid out in
http://doc.arvados.org/api/tokens.html.

The core of my question actually concerns navigating to
https://your-apiserver-host/login
<https://your-apiserver-host/login?return_to=https://your-application-host/any/desired/path>.
Am I right that this *requires *an actual *web browser* like Internet
Explorer or Chrome? I am calling the API from a C# application without a UI
or Web Browser, so ideally I would like to be able to log in without
actually displaying a web page in an actual browser once I got the username
and password, e.g. on the command line or a simple .net GUI. Do you see a
way to do this?
I saw the suggestion in the documentation to copy-paste the token from the
work bench to the command line to define an environment variable, but that
does not seem appropriate for our users. Other APIs offer the option to
pass https://your-apiserver-host/login
<https://your-apiserver-host/login?return_to=https://your-application-host/any/desired/path>/?username=XXX?password=XXX,
but it seems like Arvados purposely does not allow this possibility.

Best regards

Thomas

On Tue, Jul 18, 2017 at 10:22 PM, Tom Clegg <tom at curoverse.com> wrote:

> Hi Thomas,
>
> Your application can give the user a link/redirect to a URL like this:
>
> https://your-apiserver-host/login?return_to=https://your-
> application-host/any/desired/path
>
> (Of course the "return_to" value should be suitably escaped.)
>
> After a successful login, the user will be redirected to
> https://your-application-host/any/desired/path?api_token=X, where X is
> of course the newly issued token, and your application can take it
> from there -- typically saving X in a session store and redirecting to
> a cleaned URL so the api_token doesn't remain in the browser's
> Location bar.
>
> This is the same procedure Arvados Workbench uses, so it might be
> helpful to refer to the Workbench code as examples. Here are some of
> the relevant bits.
>
> https://github.com/curoverse/arvados/blob/master/apps/
> workbench/app/controllers/application_controller.rb#L511
>
> https://github.com/curoverse/arvados/blob/master/apps/
> workbench/app/models/arvados_api_client.rb#L232-L244
>
> https://github.com/curoverse/arvados/blob/master/apps/
> workbench/app/controllers/application_controller.rb#L586-L597
>
> --
> Tom Clegg
> Chief Architect
> Curoverse
>
>
> On Tue, Jul 18, 2017 at 3:52 AM, Albrecht, Tom <tom.albrecht at roche.com>
> wrote:
> > Hi,
> >
> > I hope you point me in a direction to achieve an elegant authentication
> for
> > my Arvados API application.
> >
> > I am developing a plugin for a third-party software to download data from
> > our Arvados server. The software dictates the language and platform: C# /
> > .net and Windows. I managed to access the data using .net's
> > System.Net.HttpWebRequest class. What remains to be done is implementing
> an
> > elegant authentication.
> >
> > As a workaround, I logged into the Arvados Workbench using my browser and
> > copy-pasted the authentication token into my application. This works but
> is
> > not as user-friendly as I would like it to be. So my question is how to
> > achieve the authentication more elegantly without a web browser, for
> > instance by passing username and password to the API up front or using
> some
> > kind of single sign-on functionality available in .net.
> >
> > Do you have any suggestions?
> >
> > Best regards
> >
> > Thomas
> >
> >
> > _______________________________________________
> > arvados-dev mailing list
> > arvados-dev at arvados.org
> > http://lists.arvados.org/mailman/listinfo/arvados-dev
> >
>



-- 

*Thomas Albrecht, PhD*

Senior Scientist

SIAD Solution Delivery & Architecture, pRED Informatics

Roche Pharma Research and Early Development


Roche Innovation Center Basel


F. Hoffmann-La Roche Ltd
Grenzacherstrasse 124
4070 Basel

Switzerland


Building: 92 / 7.01.09

Phone: +41 61 687 9804


*Confidentiality Note: This message is intended only for the use of the
named recipient(s) and may contain confidential and/or proprietary
information. If you are not the intended recipient, please contact the
sender and delete this message. Any unauthorized use of the information
contained in this message is prohibited.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.arvados.org/pipermail/arvados-dev/attachments/20170719/06ce2210/attachment.html>

More information about the arvados-dev mailing list