Support for API keys via query #580

Open
heidivanparys opened this issue Feb 5, 2021 · 6 comments
@heidivanparys

The test suite does not seem to take into account that the API may have implemented security by means of an API key via a query.

E.g. the Oceanographic Observation API by the Danish Meteorological Institute:

When testing this API, it says that no conformance classes could be found, although they are present. It seems to be a matter of:

  • constructing the path correctly (query parameter always at the end)
  • updating the "matching" functionality, so query parameters are not taken into account

image
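The two points listed in the report above, as an added Python sketch; it is not part of the original post and not code from the ETS or TEAM Engine. The host, the parameter name `api-key`, the key value and all function names are assumptions made for the illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample IUT URL: host, parameter name and key value are placeholders.
IUT = "https://api.example.org/v2/oceanObs?api-key=EXAMPLE-KEY"


def resource_url(iut: str, segment: str) -> str:
    """Append a path segment to the IUT path so the query string stays last."""
    parts = urlsplit(iut)
    path = parts.path.rstrip("/") + "/" + segment.lstrip("/")
    return urlunsplit(parts._replace(path=path))


def _normalise(url: str) -> tuple:
    """Reduce a URL to scheme, host and path; query and fragment are dropped."""
    parts = urlsplit(url)
    return (parts.scheme.lower(), parts.netloc.lower(), parts.path.rstrip("/"))


def same_resource(a: str, b: str) -> bool:
    """Match two URLs without taking query parameters (e.g. the key) into account."""
    return _normalise(a) == _normalise(b)


def redact(url: str, secret_params=("api-key",)) -> str:
    """Mask secret query values before a URL is written to a log or test report."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k in secret_params else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    # Plain string concatenation leaves the segment inside the query value.
    print("naive:   ", redact(IUT + "/conformance"))
    built = resource_url(IUT, "conformance")
    print("built:   ", redact(built))
    # A link advertised without the key still matches the keyed request URL.
    advertised = "https://api.example.org/v2/oceanObs/conformance"
    print("matches: ", same_resource(advertised, built))
```

Because the key travels in the URL, anything that records request URLs (test reports, proxy and server logs) will contain it unless it is masked as in `redact`.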

@dstenger
Contributor

dstenger commented Feb 5, 2021

When I construct the path manually https://dmigw.govcloud.dk/v2/oceanObs/conformance, I get a 403 status code as response.
Thus, it seems that the API key is missing.

Currently, this test suite/ TEAM Engine are not supporting an API key.
If I understand you correctly, there must be a user input field to pass a valid API key to the test suite?

@heidivanparys
Author

> If I understand you correctly, there must be a user input field to pass a valid API key to the test suite?

I don't know what the best way to handle this would be. And I don't know how many other security schemes the ETS reasonably should be able to handle (@cportele is that a discussion for the SWG?).

What I did so far, is supply the API key as part of the IUT:

image

So in the same way as I do in QGIS (3.16 or higher, see qgis/QGIS#38436 and qgis/QGIS#38738):

image

@dstenger
Contributor

dstenger commented Feb 5, 2021

Thank you for your input. We will discuss this in the CITE team.

@cportele
Member

cportele commented Feb 8, 2021

> @cportele is that a discussion for the SWG?

It would be nice to have examples for typical cases of security schemes - not as part of the standard, but separately, e.g. in the Guide. If someone would provide a draft I am sure the SWG would look at it and see how this could be published.

@ghobona
Contributor

ghobona commented Feb 8, 2021

Support for API keys is not currently supported by the ETS. However, @securedimensions recently guided the security aspects of the September 2020 OGC API code sprint. He might know of examples of implementations of different security schemes in OGC APIs.

Support for security schemes is something that we would like to support in TEAM Engine.

@ghobona
Contributor

ghobona commented Sep 7, 2023

A solution to this issue could also be applied to opengeospatial/ets-ogcapi-processes10#47

That is, if the solution supports authentication through query parameters and headers.

dstenger added this to CITE Aug 1, 2024
dstenger moved this to To do in CITE Aug 1, 2024