Time Nick Message 20:39 mtj hi #koha, bonjour #hackfest 12:53 clrh hello magnuse 12:38 magnuse is there a difference between renewsCheckout and renewCheckout in the REST API? 12:38 magnuse hiya caroline 12:31 caroline good morning! 12:25 magnuse_ bonjour clrh 12:18 clrh hi here 10:19 aude_c[m] Can't find the bug for it either 🧐 10:14 magnuse_ did we implement 2fa for the opac yet? i thought there was an issue about that but couldn't find it 09:31 krimsonkharne[m] g'day #koha 09:09 ashimema Joubu: around? 09:02 dolf Example: https://library.refstudycentre.com/cgi-bin/koha/opac-search.pl?idx=&q=commentary&weight_search=1 08:58 dolf Hi. I upgraded from Koha 22.05 to 22.11 today (slowly catching up on all those missed releases). In Koha 22.05, I was using exactly this config for cover images: https://bywatersolutions.com/education/koha-question-of-the-week-where-do-cover-images-come-from-in-koha After the upgrade to 22.11, the cover images are missing. Any ideas how I could debug this or what I should check for? 07:43 * magnuse waves in the general direction of Marseille 07:07 dcook laterz ashimema and co 07:07 dcook Yeah I better run 07:07 paulderscheid[m] morning #koha 07:07 dcook We'd want to think of something in a SSO context I think.. 07:07 dcook "where you identify both parties anyway and the end user picks which of their permissions the client can access" this seemed more common pre-OIDC of course 07:06 ashimema catch you later chaps 07:06 ashimema I'm heading up the road now to find the offices.. 07:06 dcook The particular supplier who needed it isn't in the mix anymore I think 07:04 dcook Yeah, that use case is one I've definitely wanted to work on more as well 07:03 dcook ummm 07:03 dcook And back but really should be running 06:56 dcook brb 06:55 ashimema right now we can't easily identify client vs user for api calls 06:54 ashimema where you identify both parties anyway and the end user picks which of their permissions the client can access 06:54 dcook I'm not sure I follow the use case quite.. 06:54 ashimema in reality what we really sohuld have is 'code grant' flow I reckon 06:54 dcook Actually if I understand... 06:53 dcook ashimema: Oh yes, I think we talked about this once.. 06:53 ashimema acting on behalf of a user 06:52 dcook magnuse: So one way of doing that could be using SSO and attributes in the Identity Provider 06:52 ashimema right now we only do client credentials grant so you create an API user and just login as that.. we have systems that want to login as the client user but 'act' as the patron or staff user 06:51 dcook That's the one I'm on haha 06:51 dcook [off] Yeah probably a good idea to hide those, although I think many of ours have been well and truly harvested by now 06:51 ashimema the Topics tab is the interesting one 06:51 dcook ashimema: Oh neat. I like the sound of a lot of these things, although I'm not sure what API Masquerading is 06:51 ashimema [off] I should have a quiet word with Paul about redacting the email addresses in there.. it's a public sheet and I trust you guys but emails should probably be hidden 06:50 magnuse dcook: nothing specific yet, the scenario is just different external services that need to authenticate Koha users, and "filtering" which Koha users should be allowed to authenticate 06:49 ashimema those are the hackfest plans 06:49 ashimema https://docs.google.com/spreadsheets/d/1CqV3Y9iA7j4x7D4RN34h6gfCWJLM0-MFV_G9COEuaOc/edit?usp=sharing 06:49 ashimema one sec.. I'll dig out the sheet.. no reason not to share it 06:49 ashimema I'm on the 'Side' track (which I think is the 'it didn't fit anywhere else' track.. lol) 06:48 ashimema just up early having a coffee and working out how I'm going to do that.. lol... being on vacation last week means I'm jumping in at the deep end a little again.. 06:48 dcook What's your track called? 06:48 ashimema so I'm leading a track and encouraging discussions and coding to happen around it. 06:47 dcook Oooh that sounds good 06:47 ashimema Hackfest is taking a slightly different format this year though :).. I have been plannning it with my team here for weeks.. when I shared our target list with Paul he turned it into a set of 'Tracks' and now we have three parallel tracks running each with a "lead" 06:46 dcook Story of my life 06:46 ashimema yeah.. just the week.. never get enough done 06:46 dcook I sure hope so :) 06:46 ashimema hopefully see yout here 06:46 dcook I've got a hectic few days, but maybe I can pick up some slack towards the end of the week.. 06:46 ashimema I'm putting together my KohaCon proposal next week.. already got permission to go loosely agreed anyway though 🙂 06:45 dcook Is it just this week? 06:45 dcook I hope it's a really productive time :D 06:45 dcook Nice! 06:45 ashimema we'll have 7! here this year 06:45 ashimema well.. Alexander will be soon enough.. he's the straggler but should hopefully join us in the next few days.. 06:44 dcook I wish that I was as well.. seems like a good year for it 06:44 ashimema my whole team is here 🙂 06:44 dcook :3 06:44 ashimema I'm at Hackfest 🙂 06:44 dcook ^ 06:44 ashimema the main issue I've had is our underlying permissions system.. it's a bit of a mess to try and do this 06:44 dcook Or remoting in? 06:44 dcook ashimema: Are you at the hackfest? 06:44 * dcook isn't at all trying to do 3 things at once right now 06:43 ashimema it's on the list to discuss api masquerading at hackfest... i'm kinda hoping that also lets me ask this question again and get someone to help work on it.. 06:43 dcook magnuse: What's the use case? You can DM me if you don't want to post it here 06:43 * ashimema tries to remember the grant flow he's especially interested in. 06:43 dcook hehe 06:43 dcook There is no such thing as magic O_O 06:43 ashimema we only support the most basic one really.. I'd like to see us to a few other flows.. 06:42 magnuse yeah, was mostly wondering if there was some magic that could be done with the standard api 06:42 * dcook is onboard for this idea 06:42 dcook ashimema: Oh my... you know just what to say... 06:42 * ashimema wants to try and do some new OAuth grant flows 06:42 dcook The plugin is so powerful you could do anything 06:41 dcook Phenomenal cosmic power... itty bitty living space... 06:41 dcook However you like 06:40 magnuse ok, cool 06:40 dcook Different endpoint 06:40 magnuse and if different services should use the same api, how would koha know which logic to apply? 06:39 magnuse could a plugin infiltrate itself into the standard api, or would it have to provide a separate endpoint/service? 06:38 dcook magnuse: Yeah I put that Keycloak extension somewhere... 06:37 dcook Or if you wanted to embed it in Koha I'd go with a plugin 06:37 dcook But the logic would be consumer-side 06:37 dcook Doesn't need to be hacked 06:37 magnuse ah keycloak, eh 06:37 dcook Note I forbid any APIs calls to the OPAC other than "public" calls, and then I also restrict the admin REST API by IP 06:37 magnuse dcook: yeah, that sounds reasonable, but how to implement that? hack the api or could it be done with a plugin? 06:37 dcook With the Keycloak extension I did, I do a patron lookup across a few criteria, and then only attempt auth if I find a matching patron 06:36 dcook magnuse: I suppose for a use case like that... you'd have to lookup the user first, apply whatever filtering, and then only do the auth then 06:35 magnuse bonjour reiveune 06:35 * dcook also waves to folks in France (and other places) 06:35 dcook magnuse: *covers my ears* 06:34 reiveune hello 06:33 * magnuse wonders what people do if they have external services that need to authenticate Koha-users through the REST API, but the service should only be avaiable to some of the users, based on something like patron category or an individual setting per user 06:30 magnuse the early bird gets the worm? 06:30 magnuse bonjour! 06:30 ashimema morning magnuse 06:29 * magnuse waves in the general direction of Marseille