Hi @CAPEGA
Thanks for the additional information. While Kerberos is, as you stated, a valid means of establishing authentication, newer, more modern options that use SSL to authenticate are, in my opinion, preferred and are often thought of as the "current standard". With SSL you're asserting for yourself (via public/private key), whereas in Kerberos, even with public key cryptography (PKC) for session keys, the server (3rd party) is still doing the confirmation for you. Additionally, another benefit is that SSL also encrypts the transfer of data.
While Kerberos is a valid way of establishing authentication, I would recommend a different option. Based on what I read using the link provided previously, there are some settings for the PI Web API that would allow for bearer authentication using OpenID Connect (OAuth 2.0 based). The advantage here is that you have one login for multiple sites. The PI administrator would need to configure these changes. This feature is available beginning with the PI Web API 2017 release.
Most of the documentation for OSI PI is not accessible to the general public, so I cannot create a specific example. I'd be happy to work with you directly if you are so inclined. Please send me a private message and we can connect if you would like to pursue this option.
However, here is an example of using OpenID to access your Google profile picture (if you have a Google account).
Names Default To Here( 1 );
/*
Note: the "code" parameter is set automatically after the redirect occurs
*/
// Endpoints for the authorization request and the code-for-token exchange
auth_url = "https://accounts.google.com/o/oauth2/v2/auth";
token_url = "https://www.googleapis.com/oauth2/v4/token";
redirect_url = "http://localhost/myapp/";
// Client credentials of the registered application; substitute your own
client_id = "581786658708-elflankerquo1a6vsckabbhn25hclla0.apps.googleusercontent.com";
client_secret = "3f6NggMbPtrmIBpgx-MK2xXK";
scope = "openid profile";
// Extra fields sent with the authorization request and the token request
auth_fields = [=> ];
token_fields = [=> ];
oauth2 = New OAuth2();
oauth2 << Grant Type( "Authorization Code" );
oauth2 << Auth URL( auth_url );
oauth2 << Token URL( token_url );
oauth2 << Redirect URL( redirect_url );
auth_fields["scope"] = scope;
auth_fields["client_id"] = client_id;
token_fields["client_secret"] = client_secret;
oauth2 << Auth Fields( auth_fields );
oauth2 << Token Fields( token_fields );
// Get the Authorization header carrying the bearer token
auth_header = oauth2 << Get Auth Header();
// Call the userinfo endpoint with that header
request = New HTTP Request( URL( "https://www.googleapis.com/oauth2/v3/userinfo" ), Headers( {auth_header} ), Method( "GET" ) );
data = request << Send;
If( !Is Empty( data ),
	json_jsl = Parse JSON( data );
	If( json_jsl << Contains( "picture" ),
		// Show the profile picture returned in the userinfo response
		picture_url = json_jsl["picture"];
		New Window( "Example", Picture Box( Open( picture_url ) ) );
	,
		// No picture field: show the raw response instead
		Show( data )
	);
);
cheers,
Stan
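
The authorization code grant that the script above selects, written out step by step in Python as an added example (not part of the original post and not JMP code). It goes beyond the script by adding a `state` check and PKCE (RFC 7636) and by reading the client secret from the environment; the function names and the variable name `OAUTH_CLIENT_SECRET` are assumptions.

```python
import base64
import hashlib
import os
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth"   # from the post
TOKEN_URL = "https://www.googleapis.com/oauth2/v4/token"    # from the post
REDIRECT_URL = "http://localhost/myapp/"                    # from the post

def pkce_challenge(verifier):
    """S256 code challenge for a PKCE code verifier (RFC 7636, section 4.2)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_auth_request(client_id, scope="openid profile"):
    """Step 1: URL the browser is sent to, plus the values to keep locally."""
    state = secrets.token_urlsafe(16)       # ties the redirect to this request
    verifier = secrets.token_urlsafe(48)    # never leaves the client until step 3
    query = urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": REDIRECT_URL, "scope": scope, "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    })
    return f"{AUTH_URL}?{query}", state, verifier

def code_from_redirect(redirect, expected_state):
    """Step 2: take "code" from the redirect URL; reject a mismatched state."""
    params = parse_qs(urlsplit(redirect).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    returned = params.get("state", [""])[0]
    if not secrets.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch, discarding redirect")
    if "code" not in params:
        raise ValueError("redirect carries no authorization code")
    return params["code"][0]

def build_token_request(code, verifier, client_id):
    """Step 3: form body to POST to TOKEN_URL over TLS."""
    return {
        "grant_type": "authorization_code", "code": code,
        "redirect_uri": REDIRECT_URL, "client_id": client_id,
        "client_secret": os.environ["OAUTH_CLIENT_SECRET"],  # assumed name
        "code_verifier": verifier,
    }
```

The token response to step 3 carries the access token that is then sent as `Authorization: Bearer ...` on the userinfo request.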