- Type: New Feature
- Status: Resolved
- Priority: Major
- Resolution: Fixed
- Affects Version/s: None
- Fix Version/s: ADDONS_10.10
- Component/s: Rest API
- Epic Link:
- Tags:
- Sprint: nxplatform 11.1.15, nxplatform 11.1.16
- Story Points: 3

The Management API should be accessible with a defined technical user who has no rights on the repository.
To authenticate this technical user, we will rely on JWT, with the secret shared between the Nuxeo Server and the client calling the API.
The technical user(name) could be configured in nuxeo.conf.
We should also allow standard administrators to access the Management API. That feature could be behind a configuration/nuxeo.conf flag, activated by default.
The authentication check should be done in ManagementRoot:
- check if the authenticated user is the technical one defined (if any)
- or check if the user is an administrator (if the configuration property is enabled)
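
The check described above, sketched as an added Python example; it is not Nuxeo code or the project's implementation. The HS256 algorithm, the `sub`/`exp` claim handling, the function and parameter names and the sample secret are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims, secret):
    """Client side: build a compact HS256 JWT with the shared secret."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(mac)}"

def jwt_subject(token, secret, now=None):
    """Server side: return the 'sub' claim of a valid token, else None."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm; never let the token pick it ("none", RS256, ...).
        if json.loads(b64d(head)).get("alg") != "HS256":
            return None
        mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, b64d(sig)):  # constant-time compare
            return None
        claims = json.loads(b64d(body))
        exp = claims.get("exp")
        # Assumption: tokens without a numeric, future 'exp' are rejected.
        if not isinstance(exp, (int, float)) or exp <= now:
            return None
        sub = claims.get("sub")
        return sub if isinstance(sub, str) and sub else None
    except (ValueError, AttributeError, TypeError):
        return None  # malformed token: wrong part count, bad base64 or JSON

def may_access_management_api(username, is_admin, technical_user, allow_admins=True):
    """The two checks listed for ManagementRoot (parameter names are hypothetical)."""
    if technical_user and username == technical_user:
        return True  # the configured technical user, if any
    return bool(allow_admins and is_admin)  # administrators, if the flag is on

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
TECH_USER = "mgmt-technical-user"
```

Because the secret is shared, anyone holding it can mint a token for the technical user, so it needs the same protection on the client as on the server.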