Support for API keys via query #580
Comments
|
When I construct the path manually https://dmigw.govcloud.dk/v2/oceanObs/conformance, I get a 403 status code as response. Currently, this test suite/ TEAM Engine are not supporting an API key. |
I don't know what the best way to handle this would be. And I don't know how many other security schemes the ETS is reasonably should be able to handle (@cportele is that a discussion for the SWG?). What I did so far, is supply the API key as part of the IUT:
So in the same way as I do in QGIS (3.16 or higher, see qgis/QGIS#38436 and qgis/QGIS#38738):
|
|
Thank you for your input. We will discuss this in the CITE team. |
It would be nice to have examples for typical cases of security schemes - not as part of the standard, but separately, e.g. in the Guide. If someone would provide a draft I am sure the SWG would look at it and see how this could be published. |
|
Support for API keys is not currently supported by the ETS. However, @securedimensions recently guided the security aspects of the September 2020 OGC API code sprint. He might know of examples of implementations of different security schemes in OGC APIs. Support for security schemes is something that we would like to support in TEAM Engine. |
|
A solution to this issue could also be applied to opengeospatial/ets-ogcapi-processes10#47 That is, if the solution supports authentication through query parameters and headers. |
The test suite does not seem to take into account that the API may have implemented security by means of an API key via a query.
E.g. the Oceanographic Observation API by the Danish Meteorological Institute:
When testing this API, it says that no conformance classes could be found, although they are present. It seems to be a matter of:
The text was updated successfully, but these errors were encountered: