[Loris-dev] Need of a refresh token mechanism for the LORIS API.

[Rolando Acosta]

Hi loris-dev team,

At CNBP we're wondering if there is a possibility of developing a refresh
token for the Loris-API. The demand comes from the following situation:

Currently API token expires in 24 hours. When an app authenticate and get
the access token, must do the re-authentication process (via user, pass)
before 24hours to get the new token in the case of continuous communication
needs. We have in place a service that takes MRIs from the scanner and push
it into the LORIS instances automatically via the API. The issue comes then
because LORIS users have a password expiration after 6months of
creation/modification. So every 6 months the automatic uploading system
crash (as the password expiry) and the sysadmin should manually change the
password and feed it back into the automatic system.

Having a refresh token two issues could be solved from the automation
perspective:
 - The user and pass will not longer have to be provided to the system
every 24 hours. (of course the refresh token must)
 - The automatic system for uploading content will not break and need human
intervention every 6 months.

Thank you very much in advance for the help you can provide us,

Rolando Acosta
Canadian Neonatal Brain Platform (CHU Sainte-Justine)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20190321/b5817973/attachment.html>