-
Notifications
You must be signed in to change notification settings - Fork 11k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rest API - open access to all users? #963
Comments
I (We) at least need "Service" accounts. I've just created a Bamboo notification plugin who sends notification to a public (at this time) channel. As I said in previous post for my usage, creating service accounts with Username/api-token would be sufficient. On security side, the API provides the same features that you can get from the UI so why not open to all users?! In my opinion you should open feature to all user that are available in the UI and you should restrict features that are not available from UI or administration feature to admin only. |
hi @imclem is this issue still a problem with the latest version or Rocket.Chat? Nice plugin for bamboo! I'll test on our projects that use Bamboo :) |
@imclem Now you can use OAuth to access our APIs and the new LDAP implementation (at branch develop) sync the user's password from LDAP to our account system, so you can login using your username and password too. |
@rodrigok, are you saying that the new API will automatically create the user if the LDAP configuration is set? |
…nt_change [IMPROVE] Add departmentName as query param and route to that department in SMS endpoint
Hi Guys,
Just set-up LDAP with RocketChat, on client-side everything works properly. On api side, I can't login with my LDAP credentials. I just get an Unauthorized error.
I've created a non-ldap account on the server, then used it on /login and this works properly.
Looks like login with LDAP account is not supported on the rest api side.
I would also be grateful if you could add the capability to generate Username/api-token from the admin UI. This way we can generate accounts to use with the rest API without password and we can revoke them if the service using them gets corrupted.
Thanks in advance, RocketChat rocks!
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
The text was updated successfully, but these errors were encountered: