Authentication for api rest

Hello everyone, I would need guidance for what I want to do. The scenario is as follows, I have a web application that uses the IDM to access. To do this, copy the flowable-task-ui mechanism. The problem arises when I want to use the api rest, since I need to send user: pass in the HTTP header by basic authentication. I have no way of knowing what the password is, which is fine. The idea I have is to modify the api in order to remove the HTTP authentication and then before each call to the methods check as does the task ui against the cookie. It does not seem the best or the cleanest, but I can not think of another way.
Do you see it possible? Is there another way to make it better?
Thanks and sorry for my English


1 Like

The internal REST api (used by the UI) also uses the cookie approach (used by IDM) … so yes, if you want to reuse the REST api (non-ui one), that’s indeed an option that’s the easiest. You’d have to adapt the spring security configuration of the rest app though.

Thanks Joram, I’ll try that and I’ll post the results

Thanks Again