AnsweredAssumed Answered

Refresh Api Authentication Ticket

Question asked by v.giannini on Jun 17, 2019
Latest reply on Jun 20, 2019 by abhinavmishra14_alfresco

Hi all,

I'm integrating alfresco rest-api, using alfresco latest version, as DMS services for external web applications.

I'm experiencing some troubles about authentication, the question is this:

 

How I can refresh an expired authentication ticket for rest api wihout executing e new  /tickets post passing username and password?

 

Web applications in accord with GDPR cannot store user passwords and without a refresh service I'm not able to guarantee the validity of an authentication ticket requested by external web applicatrion at login time.

 

The typical scenario could be this:

 

The user logins the external web application, in the same time the application executes a /ticket post to obtain an authentication ticket.

 

Supposing in alfresco is configured a 10 minutes ticket validity time, if the user navigates the external web application for 11 minutes and then executes an action to obtain for example his user home folder list, the ticket obtained by the application for alfresco at login time will be not valid anymore, I need to refresh it such as oauth protocol does passing the expired ticket and obtaining a new one but I don't see any rest endpoint in the rest api explorer to do it. It seems that the only way is to execute a new /tickets call but once a user is logged in the application cannot store the (clear) user password.

 

I'm really in trouble please help me 

Outcomes