#28558 OpenAPI: Enable multiple alternative authentication mechanisms for the same API

Enhancement

Major

#28022

TL-Script: Access to application configurations

#28173

TLScript: new function for parsing Excel files

#28310

Layout editor: Process view

#28532

New TL script function isCompatibleValue()

#28539

TLScript-Funktion für den Zugriff auf konfigurierte Formate

#28550

Prevent leading and trailing white space for model-based fields

#28558

OpenAPI: Enable multiple alternative authentication mechanisms for the same API

#28564

OpenAPI: Accept authorization token, even if it contains no user information

Detail

#28523

Option list is not updated if the options are calculated via configured scripts

#28541

Make lock strategy available in templates for Grid and Tree-Grid

#28542

Support for SQL "like" construct

#28561

Dynamic file names for (Excel) downloads

Bugfix

Major

#28578

Oracle JDBC driver update: Bug "ORA-01461" in JDBC driver

Detail

#27975

Excel export in model editor has wrong command group

#28303

Customize documentation for integrating icon fonts

#28375

Overwriting I18N attributes makes existing values unreachable

#28445

Ignore the selection column for the "Automatically adjust column widths" function

#28529

NullPointerException for modifiedRevision() on new compositions

#28531

Pressing ESCAPE or ENTER after a reload throws an error and triggers a reload

#28540

Backward references in transient objects are not resolved correctly

#28552

Replace the obsolete term "Wrapper" with the current term "TLObject" in the CompositionFieldProvider class.

#28553

Type conversion error for calculated columns of type tl:core:Duration

#28555

Images in HTML attributes are only displayed after saving

#28557

Size restriction for the "street" attribute of a company contact too strict

#28563

JSON: NumberFormatException when parsing large integer values

#28565

CSS class ' tblRight' does not apply for fields in edit mode and in the header

#28566

Consider composition attributes Do not include dynamic designations in the table title

#28570

Missing Validation of OAuth State Parameter

#28582

ClassCastException when selecting all rows in table

#28584

Template for tables with "resetInvisible" option

Enhancement

Major

#28558

OpenAPI: Enable multiple alternative authentication mechanisms for the same API

Code migration DifaV7 OpenAPI

If several authentication methods are currently specified for an API, then all of these methods must be fulfilled when accessing the API. However, this is contrary to the OpenAPI specification, which states that if several authentication methods are specified, these are to be considered as possible alternatives.

Improvement

Several authorization procedures on the server side are alternatives.
Services can also be offered in the user context via HTTP BasicAuth (mainly for simplified testing of interfaces in the user context).
Authentication procedures are now pluggable, i.e. they can be defined by the application. Example: com.top_logic.demo.api.CustomAuthentication

Code migration

In the OpenAPI method registry configuration (if available)

   <authentication config:interface="com.top_logic.service.openapi.common.authentication.oauth.WithUserAuthentication" ...

by

   <authentication class="com.top_logic.service.openapi.client.authentication.oauth.user.WithUserAuthentication" ...

replace.

Test

Configure the API with several alternative authentication methods and check that access is possible with each method individually.

In tl-demo: API "/whoami", which can be used with two authentication methods.