-
Notifications
You must be signed in to change notification settings - Fork 118
Token Authentication for External Services
In the large image solution pack viewing would fail when trying to access datastreams locked down via XACML. This was because the third party services of SeaDragon and Djatoka can not pass through the Drupal credentials to the requests they send to Fedora (Drupal->SeaDragon->Djatoka->Fedora).
The solution we use is token authentication. We proxy Fedora in Drupal where we can send the right credentials ourselves (Drupal->SeaDragon->Djatoka->Drupal->Fedora). The token identifies an allowed proxy event. The token has a timeout, a limited number of uses, and is limited to PID and DSID. XACML can be applied globaly so when the large image needs to display it's JP2 it always uses token authentication.
This is the relevant code for anyone needing to use the token authentication in another module:
// Get token to allow access to XACML protected datastreams.
// Always use token authentication in case there is a global policy.
module_load_include('inc', 'islandora', 'includes/islandora_authtokens');
$token = islandora_get_object_token($islandora_object->id, 'JP2', 2);
$jp2_url = url("islandora/object/{$islandora_object->id}/datastream/JP2/view",
array(
'absolute' => TRUE,
'query' => array('token' => $token),
));
// Display large image
$viewer = islandora_get_viewer($jp2_url, 'islandora_large_image_viewers');
You may be looking for the islandora-community wiki · new to islandora? · community calendar · interest groups