Description
IIIF Auth 2.0 has a number of major changes from 1.0 that need to be accounted for:
- Structure has changed from "Access Controlled Resource -> AuthCookieService -> [Probe Service, Token Service, Logout Service]" to "Access Controlled Resource -> Probe Service -> Auth Service -> [Token Service, Logout Service]"
@context has been moved from the "AuthCookieService" level to the top level manifest @context blocktype names have changed for all servicesprofile has been removed from Probe, Token, and Logout service. profile is limited to 'active', 'kiosk', or 'external' in Auth Service. Avalon will probably be using 'active' in all cases.- 'failureDescription' and 'failureHeader' are now 'errorDescription' and 'errorHeader'. They can now be added for default error responses in the Probe service and the Token service.
- Probe requests are GETs now, so require a JSON response
- Token requests expect an HTML response for both success and failures
- Token response requires entries for
@context: "http://iiif.io/api/auth/2/context.json" and type: AuthAccessToken2
- Token error has a lot of options for the response depending on the nature of the error. For initial implementation, hard coding a simple access denied (
missingAspect or invalidAspect) will be easiest with a potential followup to handle other errors.
References
Done Looks Like
Description
IIIF Auth 2.0 has a number of major changes from 1.0 that need to be accounted for:
@contexthas been moved from the "AuthCookieService" level to the top level manifest @context blocktypenames have changed for all servicesprofilehas been removed from Probe, Token, and Logout service.profileis limited to 'active', 'kiosk', or 'external' in Auth Service. Avalon will probably be using 'active' in all cases.@context: "http://iiif.io/api/auth/2/context.json"andtype: AuthAccessToken2missingAspectorinvalidAspect) will be easiest with a potential followup to handle other errors.References
Done Looks Like