While investigating LCF Issue 328, relating to profile validation, I was building a PoC for iterating over the Patron entities, by retrieving a list of entities, and then performing a GET for each one. The list function works as expected; however, the individual GET for a specific record fails with an HTTP/403 Forbidden message.
The LCF standard describes authentication and authorisation here: https://github.com/bic-org-uk/bic-lcf/blob/develop/docs/LCF-RESTWebServiceSpecification.md#1-terminal-application-authentication-updated-in-v120
Within this text, the example given is retrieving a single Patron record using a GET request.
where `{Base64-encoded-terminal-credentials}` is constructed from elements Q00D04.2 and Q00D05.2 (see [4]).

Elements Q00D04.2 and Q00D05.2 defined here are the Terminal ID and Terminal Password.
Checking with Matthew about which credentials should be used, it apparently uses the Patron credentials for this GET request.
This would appear to be incorrect.
ASIDE: I think the ACL for LCF needs improvement in the documentation!