https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25796
--- Comment #2 from David Cook <dc...@prosentient.com.au> ---

Here's another thought:

If Koha and other applications used Keycloak for SSO, the id_token and refresh token could be saved, and used beyond the initial login.

For instance, a user logs into MyApp, which redirects them to Keycloak and back to MyApp. They click "Place a Hold" on an item in MyApp, which then sends an API request with id_token to Koha. Koha takes the id_token and validates it against Keycloak. If it's valid, API request proceeds. If it's invalid, it spits out a 401.

MyApp could verify the id_token ahead of time or re-try after using the refresh token to get a new id_token. That's irrelevant right now.

--

The only difficulty I have in mind at the moment is... how does Koha know which IdP to query with the id_token? It's easy if your Koha is only set up with one IdP. With more than one, it would be more complicated...
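
One way to approach the multi-IdP question raised in the comment above, as an added example (not from the bug report and not Koha code): read the token's unverified `iss` claim only to pick an entry from a fixed allow-list of configured IdPs, then verify signature, audience and expiry with that entry's keys. The issuer URLs, the audience values and every function name here are assumptions, and signature verification itself is out of scope for this sketch.

```python
import base64
import json

# Constructed configuration: issuers, JWKS URLs and audiences are placeholders,
# not values taken from Koha or from the bug report.
CONFIGURED_IDPS = {
    "https://sso.example.org/realms/library": {
        "name": "keycloak-library",
        "jwks_uri": "https://sso.example.org/realms/library/protocol/openid-connect/certs",
        "audience": "koha-api",
    },
    "https://login.example.edu/realms/campus": {
        "name": "keycloak-campus",
        "jwks_uri": "https://login.example.edu/realms/campus/protocol/openid-connect/certs",
        "audience": "koha-api",
    },
}

class UnknownIssuer(Exception):
    """The token names an issuer that is not configured; answer 401."""

def make_sample_token(claims):
    """Build a constructed, unsigned-looking JWT for demonstration only."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2lnbmF0dXJl"])

def unverified_issuer(id_token):
    """Return the iss claim WITHOUT trusting it; raise ValueError if malformed."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("malformed token payload") from exc
    iss = claims.get("iss") if isinstance(claims, dict) else None
    if not isinstance(iss, str):
        raise ValueError("token has no iss claim")
    return iss

def select_idp(id_token):
    """Pick the configured IdP by exact issuer match, never by a URL in the token."""
    iss = unverified_issuer(id_token)
    idp = CONFIGURED_IDPS.get(iss)
    if idp is None:
        raise UnknownIssuer(iss)
    # Next step (not shown): verify signature, aud and exp using idp["jwks_uri"].
    return idp
```

The key material always comes from the configured entry, so a token cannot steer the verifier to keys of its own choosing.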