Allow REST authentication via OAuth


  • Zanata should serves as authorization server

  • REST services should recognise OAuth access token - as an alternative for API key

  • Not considering JWT in this implementation

  • System property (disabled by default) to disable OAuth

  • System property for the timeout for access token

  • Needs to be tested from end to end, e.g. mock/existing client

Future tasks:

  • URI for client id

  • Page for user to revoke access

  • Page for admin to review OAuth tokens

  • JWT for token

  • Pre-registered client to Zanata

Ready for Release
Your pinned fields
Click on the next to a field label to start pinning.


Patrick Huang


Alex Eng

Tested Version/s