"Configuration prevents the usage of this endpoint by unprivileged users");
}
- $status = authenticate_api_request($c);
+ if ( $c->req->url->to_string eq '/api/v1/oauth/token' ) {
+ # Requesting a token shouldn't go through the API authenticaction chain
+ $status = 1;
+ }
+ else {
+ $status = authenticate_api_request($c);
+ }
} catch {
unless (blessed($_)) {
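Review bot: The exemption test `$c->req->url->to_string eq '/api/v1/oauth/token'` compares the whole serialized URL, so whether `authenticate_api_request` is skipped depends on how the URL is rendered (query string, absolute form) rather than on the route. A mismatch falls back to the authentication chain, which is the safe direction, but a token request carrying any query string would be sent through the chain and rejected. Comparing only the path, `if ( $c->req->url->path->to_string eq '/api/v1/oauth/token' ) {`, keeps the match exact without that fragility. The comment above `$status = 1;` should also say that the token endpoint authenticates the client itself from its credentials, for example `# The token endpoint validates client_id/client_secret itself; skip the API authentication chain`, so the hard-coded success is not read as unauthenticated access. The enclosing `try` block starts outside this hunk.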
use C4::Context;
use Koha::OAuth;
+use MIME::Base64;
use Mojo::Base 'Mojolicious::Controller';
return $c->render(status => 400, openapi => {error => 'Unimplemented grant type'});
}
- my $client_id = $c->validation->param('client_id');
- my $client_secret = $c->validation->param('client_secret');
+ my $client_id;
+ my $client_secret;
+
+ my $authorization_header = $c->req->headers->authorization;
+
+ if ( $authorization_header and $authorization_header =~ /^Basic / ) {
+ my ( $type, $credentials ) = split / /, $authorization_header;
+
+ unless ($credentials) {
+ Koha::Exceptions::Authentication::Required->throw( error => 'Authentication failure.' );
+ }
+
+ my $decoded_credentials = decode_base64( $credentials );
+ ( $client_id, $client_secret ) = split( /:/, $decoded_credentials, 2 );
+ }
+ else {
+ $client_id = $c->validation->param('client_id');
+ $client_secret = $c->validation->param('client_secret');
+ }
my $cb = "${grant_type}_grant";
my $server = Net::OAuth2::AuthorizationServer->new;
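Review bot: After `split( /:/, $decoded_credentials, 2 )` nothing checks that both halves exist, so a `Basic` header whose payload is not valid base64 or has no colon leaves `$client_secret` (or both values) undefined and still reaches the grant callback. A guard right after the split would match the empty-credentials case above: `unless ( defined $client_id and defined $client_secret ) { Koha::Exceptions::Authentication::Required->throw( error => 'Authentication failure.' ); }`. The scheme test `/^Basic /` is case-sensitive although HTTP authentication scheme names are case-insensitive, so `basic ...` silently falls back to the body parameters; `/^Basic /i` avoids that. The function starts and ends outside this hunk, so it is not visible whether the thrown exception becomes a 4xx response; the neighbouring error path uses `$c->render(status => 400, ...)`, so confirm it does not surface as a 500.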