[rt-users] REST Interface and Authentication

Martin BOULADOUR martin.bouladour at etu.univ-nantes.fr
Wed Jun 11 05:51:37 EDT 2008


Hi everybody,

I'm a new subscriber to this list. I'm French, so don't be too harsh with
my mistakes. :)

I just don't understand something. I'm writing a little programme that
uses the RT REST interface. Every request needs to contain the
session-token given by RT at the login, otherwise a "401 Credentials
required" status code is returned.

However, I didn't find how to get a valid session token from RT using the
REST interface. For now, I simulate a login-form submission by sending a
POST request to the root URL of RT Web interface, with the 'user' and
'pass' parameters. It works: a session-token is returned in the
"Set-Cookie" HTTP header. But even if the authentication fails (if the
username or the password are not correct), RT sends that "Set-Cookie"
header back all the same, with a session token. In that case, the session
token is invalid and can't be used.

The problem is that there is nothing to inform about the result of the
login action. The HTTP response is the same in both cases (success,
failure). The only thing that informs about that is the "Not logged in."
string in the HTML. I think that looking for that string in the HTTP
response body is a very bad way to know if the returned token is valid or
not.

The only alternative is to send a dumb request to the REST interface with
the token. If the response body begins with "RT/3.6.1 200 Ok", then the
token is valid, else if it begins with "RT/3.6.1 401 Credentials
required", then the token is not valid.

Is there another way to do that? Does the REST interface provide something
to log in? If you do use the REST interface with one of your programmes,
what do you do to get a valid session token?

The REST page of the wiki says:

"The REST Interface does not support HTTP-Authentication. So you must get
a valid Session-Token and submit the cookie each request. You usually get
a Session-Cookie by submitting the default login form."

And nothing more. :(

Thanks for your help.

Best regards,

Martin Bouladour
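
The token check described in the message above (send a probe request and read the first line of the REST body), as an added example that is not part of the original post or RT's own code. The `post_form` and `probe` transport hooks, the `session-token` cookie key and the sample bodies are constructed assumptions; only the two status lines come from the post.

```python
import re
from typing import Callable, Optional, Tuple

# First line of an RT REST body, e.g. "RT/3.6.1 200 Ok" (format quoted in the post).
STATUS_LINE = re.compile(r"^RT/(\d+(?:\.\d+)*)\s+(\d{3})\s+(.*)$")

def parse_rest_status(body: str) -> Optional[Tuple[str, int, str]]:
    """Return (rt_version, code, message) from the first non-empty line, or None."""
    for line in body.splitlines():
        if line.strip():
            m = STATUS_LINE.match(line.strip())
            return (m.group(1), int(m.group(2)), m.group(3).strip()) if m else None
    return None

def token_is_valid(body: str) -> bool:
    """Fail closed: only an explicit 200 status line counts as authenticated."""
    status = parse_rest_status(body)
    return status is not None and status[1] == 200

def login(post_form: Callable[[str, str], dict], probe: Callable[[dict], str],
          user: str, password: str) -> Optional[dict]:
    """Submit the login form, then confirm the cookie with a REST probe.
    post_form and probe are hypothetical hooks supplied by the caller."""
    cookies = post_form(user, password)  # a cookie comes back even on failed login
    if not cookies:
        return None
    return cookies if token_is_valid(probe(cookies)) else None

# Constructed sample bodies, modelled on the two status lines quoted in the post.
SAMPLE_OK = "RT/3.6.1 200 Ok\n\n(constructed payload)\n"
SAMPLE_DENIED = "RT/3.6.1 401 Credentials required\n"
SAMPLE_HTML = "<html><body>Not logged in.</body></html>"

def fake_transport(good_password: str):
    """Constructed stand-in server: always issues a cookie, honours it only
    when the password was right (the behaviour the post describes)."""
    issued, valid = [], set()
    def post_form(user, password):
        sid = f"tok{len(issued)}"
        issued.append(sid)
        if password == good_password:
            valid.add(sid)
        return {"session-token": sid}  # cookie key is a constructed name
    def probe(cookies):
        return SAMPLE_OK if cookies.get("session-token") in valid else SAMPLE_DENIED
    return post_form, probe
```

Anything other than an explicit 200 status line, including an HTML login page returned where a REST body was expected, is treated as "not authenticated".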



