0
votes

I'd like to know how to authenticate users in Lotus Domino 8.5.3 through Domino Data Service REST API.

I can see in the documentation the "Request header value for authorization", and it says:

Other headers may be required for authorization depending on the security imposed by the Domino server.

I haven't found information about the "other headers". Does anybody know how to authenticate? Should we create a cookie and send it in every request header?

2

2 Answers

7
votes

Domino supports three forms of authentication:

  • Basic authentication (header-based)
  • Session authentication (cookie-based)
  • Certificate authentication (X.509-based)

You can distinguish them by attempting to open a protected database on the server in your browser. If you get a built-in dialog box from your browser asking for name and password, it's basic. If you get an actual web page in the browser asking for name and password, it's session. If you get challenged by a dialog asking for you to select a certificate from your browser's key store, it's certificate. (Of course, you can also fire up the Domino Administrator client and just look at the relevant configuration documents for the server to figure this out.)

For Basic authentication, every request you send must include a header as described here.

For session authentication, you will need to send a cookie. There are actually two different cookie formats, depending on whether the Domino server has been set up for single server or multi-server (SSO) session authentication. To get the value of the cookie, you will need to emulate an actual user login by POSTing a form containing the name and password, and reading the cookie value that is returned after your successful POST. (You can get the details of the form that you have to POST by studying the HTML that is returned to you in a browser when you attempt to log on manually.)

For certificate authentication, well... that's probably too complex a topic to address here.

2
votes

In the section "Specifying request headers" of the "Domino Data Service User Guide and Reference" they mention the http header "Authorization":

Authorization username:password (must be encoded)

It says "must be encoded" but doesn't mention what kind of encoding. It's Base64 encoding, and in JavaScript you can use the atob() and btoa() functions to encode and decode.

If your user is "john" and your password is "p455w0rd", you must encode the string "john:p455w0rd" (include the colon; you can do that with btoa("john:p455w0rd")) and add "Basic" as a prefix if your authentication is basic:

Authorization:Basic am9objpwNDU1dzByZA==

That's it.
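The two header styles described in the answers above, worked through as an added Node.js example (not code from either answer or from the Domino documentation): building and checking the Basic Authorization header, and the session-authentication flow of POSTing the login form, reading the session cookie from Set-Cookie, and sending it back on every later request. Assumed details the page does not state: the login URL (/names.nsf?Login), its form field names (Username, Password), the cookie names DomAuthSessId (single-server) and LtpaToken (multi-server SSO), and the constructed sample Set-Cookie line.

```javascript
// Added example, not from the original answers: helpers for the two Domino
// authentication styles discussed above, written for Node.js.
// Assumed details not stated on the page: the session-login URL
// (/names.nsf?Login), its form field names (Username, Password), and the
// cookie names DomAuthSessId (single-server) and LtpaToken (multi-server SSO).

// Basic authentication: "Basic " + base64(user:password), sent on every request.
function basicAuthHeader(user, password) {
  if (user.includes(':')) throw new Error('user name must not contain ":"');
  const token = Buffer.from(`${user}:${password}`, 'utf8').toString('base64');
  return `Basic ${token}`;
}

// Decode an Authorization header back to {user, password}. The password may
// itself contain ":", so split only on the first colon.
function decodeBasicAuth(headerValue) {
  const m = /^Basic\s+([A-Za-z0-9+/=]+)$/.exec(headerValue);
  if (!m) return null;
  const raw = Buffer.from(m[1], 'base64').toString('utf8');
  const i = raw.indexOf(':');
  if (i < 0) return null;
  return { user: raw.slice(0, i), password: raw.slice(i + 1) };
}

// Session authentication, step 1: the form POST that emulates a browser login.
const SESSION_COOKIES = ['DomAuthSessId', 'LtpaToken']; // single-server, SSO (assumed names)
function loginRequest(baseUrl, user, password) {
  const body = new URLSearchParams({ Username: user, Password: password });
  return {
    url: `${baseUrl}/names.nsf?Login`,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Step 2: pull the session cookie out of the Set-Cookie headers of the login
// response. Returns {name, value}, or null when no session cookie was issued
// (which is what a failed login looks like).
function extractSessionCookie(setCookieHeaders) {
  for (const header of setCookieHeaders) {
    const [pair] = header.split(';'); // drop Path, Domain, HttpOnly, ...
    const eq = pair.indexOf('=');
    if (eq < 0) continue;
    const name = pair.slice(0, eq).trim();
    const value = pair.slice(eq + 1).trim();
    if (SESSION_COOKIES.includes(name) && value !== '') return { name, value };
  }
  return null;
}

// Step 3: the Cookie header to attach to every later Domino Data Service call.
function cookieHeader(cookie) {
  return `${cookie.name}=${cookie.value}`;
}

// Constructed sample: what a successful single-server login might send back.
const SAMPLE_SET_COOKIE = [
  'DomAuthSessId=0123456789ABCDEF0123456789ABCDEF; Path=/; HttpOnly',
];

if (typeof require !== 'undefined' && require.main === module) {
  console.log(basicAuthHeader('john', 'p455w0rd'));
  console.log(loginRequest('https://domino.example', 'john', 'p455w0rd'));
  console.log(cookieHeader(extractSessionCookie(SAMPLE_SET_COOKIE)));
}
```

Base64 is an encoding, not encryption: the Basic header carries the password in recoverable form on every request, so it only makes sense over HTTPS, and the session cookie deserves the same transport protection, since whoever holds it holds the session.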