Dear FIWARE coach,
we forward you a support request received from a CreatiFI applicant we are
not able to solve.
Please let us know if you need direct contact with the submitter.
Thanks.

*********************************************************

We are using WStore for handling all store and purchase related aspects of
our project. We are running WStore using the standard WStore image in
fiware labs.
For this, we need to authenticate on the WStore. Users will be created on
our platform. As a result, what we need is a way to authenticate on WStore
and linking that authenticated user (WStore-user) to the user on our
platform (THEO-user). It is not possible for us to use the Keyrock idM GE

Our initial approach to resolve this was to let WStore use oauth and the
platforms authentication mechanism. However, after discussing with
Francisco de la Vega, it would appear this is not implemented in WStore and
additional extensions are to be made in order to integrate with an external
identity management system. As we are not skilled python programmers and
for maintenance reasons, we prefer not to extend WStore with support for
this unless there is an easy way for this to be done (preferably with a
working example and a list of the API calls to be provided by the platform).
We attempted to make our platform mock the fiware Keyrock idM (and mimic
the API and handlers), setting OILAUTH = True and FIWARE_IDM_ENDPOINT = '
http://auth.theoplayer.com:3000/login' in the settings.py file.
This was unsuccessful as opening WStore resulted in the following error:

WrongBackend at /login/fiware/
Incorrect authentication service "fiware"
Request Method: GET
Request URL: http://130.206.83.32/login/fiware/
Django Version: 1.4.13
Exception Type: WrongBackend
Exception Value:
Incorrect authentication service "fiware"
Exception Location:
/opt/wstore/src/virtenv/lib/python2.7/site-packages/social_auth/decorators.py
in wrapper, line 28
Python Executable: /usr/bin/python
Python Version: 2.7.6
Python Path:
['/opt/wstore/src/virtenv/lib/python2.7/site-packages',
'/opt/wstore/src',
'/usr/lib/python2.7',
'/usr/lib/python2.7/plat-x86_64-linux-gnu',
'/usr/lib/python2.7/lib-tk',
'/usr/lib/python2.7/lib-old',
'/usr/lib/python2.7/lib-dynload',
'/usr/local/lib/python2.7/dist-packages',
'/usr/lib/python2.7/dist-packages']

As a result, our new approach would be to use the WStore embedded
authentication system. It would be possible to create a WStore-user using
an API call when creating a THEO-user on our system using a random
generated password and username. We understand this will require us to
obtain an access token from an admin account (1). Once this WStore-user has
been created and the THEO-user indicates he wants to perform a purchase,
the platform will obtain an access token for the THEO-user's WStore-user
account (2) and perform REST API calls in order to retrieve or update the
information from WStore.

As the WStore embedded authentication system is an oauth system, we were
hoping to use Resource Owner Password Credentials Grant in order to obtain
an access token for (1) or (2). However, it would appear this grant type is
not implemented in WStore. It would appear there is no grant type available
in WStore in order to retrieve an access token via server2server
communication alone. As a final solution, we are now looking into injecting
(or updating) access tokens directly in the WStore database and are looking
into information on how this can be done. More specifically we are looking
at the tables and records which should be updated/inserted in order to
achieve this. Preferably, access tokens would be eternal with extremely
high expiration times in order to reduce the number of WStore database
manipulations.

Would it be possible to provide us with information how we can integrate
this authentication? The main preference is still to use our own platform
authentication, but without updating WStore.
Thanks

*********************************************************

_______________________________________________
Fiware-creatifi-coaching mailing list
Fiware-creatifi-coaching@lists.fi-ware.org
https://lists.fi-ware.org/listinfo/fiware-creatifi-coaching

[Created via e-mail received from: Andrea Maestrini <amaestrini@create-net.org>]