I'm integrating alfresco rest-api, using alfresco latest version, as DMS services for external web applications.
I'm experiencing some troubles about authentication, the question is this:
How I can refresh an expired authentication ticket for rest api wihout executing e new /tickets post passing username and password?
Web applications in accord with GDPR cannot store user passwords and without a refresh service I'm not able to guarantee the validity of an authentication ticket requested by external web applicatrion at login time.
The typical scenario could be this:
The user logins the external web application, in the same time the application executes a /ticket post to obtain an authentication ticket.
Supposing in alfresco is configured a 10 minutes ticket validity time, if the user navigates the external web application for 11 minutes and then executes an action to obtain for example his user home folder list, the ticket obtained by the application for alfresco at login time will be not valid anymore, I need to refresh it such as oauth protocol does passing the expired ticket and obtaining a new one but I don't see any rest endpoint in the rest api explorer to do it. It seems that the only way is to execute a new /tickets call but once a user is logged in the application cannot store the (clear) user password.
One quick turnaround solution is to increase the time validity for longer time. You could match the session expiry time set on the application which user uses and session would be expired in that application for inactivity. This session expiration time can be equal to the Alfresco ticket validity.
Set the following property in alfresco-global.properties file:
This example shows the validity is set to 2 hours. 1 hour is the default setting
There is another case here, if you want to see it:
Another solution is to get rid of the dependency on ticket. Implement SSO instead and let SSO takes care of authentication etc. This would take some time to fix the issue until implementation. But you don’t have to be dependent on the alf_ticket.