Skip to content

clockworkgeek/Magento-Api2-Basic-Auth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
code
code
 
 
modules
modules
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 
modman
modman
 
 

Repository files navigation

Basic Authentication for REST API

This adapter/extension allows clients to access the API without OAuth.

Caution

I use this for local testing only. If you wish to install on a site which can be accessed widely then you should really use HTTPS always. This is because HTTP basic authentication is unencrypted. It would be trivial for an eavesdropper to extract usernames and passwords.

Furthermore, this extension does not start a WWW-Authenticate challenge as that would break guest access. Viewing a resource in a browser will not prompt for username and password automatically. Your client must supply credentials directly and with every request, so it is important to use HTTPS or find some other way to shield traffic.

How it works

  • If a request has no Authorization header then the user is a guest and can only access guest resources.
  • If a request has an Authorization header starting with "OAuth" then normal OAuth behaviour applies.
  • If a request has an Authorization header starting with "Basic" then:
    • If the username/password matches an active admin account then the user is an admin and may access admin resources.
    • If the username/password matches an active customer account then the user is a customer and may access customer resources.
    • If neither matches then a "401 Unauthorized" error occurs.

About

Basic HTTP authentication for Magento's REST API

Topics

rest-api basic-authentication mit-license http-auth magento-api

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

 
 
 

Languages