This question has been closed
3 Replies
5010 Views

When using JSON-RPC external API, do I need to call the common authenticate method before each object call? It only seems to authenticate and return the user id.

So if I did that once, can I store that user id and use it for all further object calls? Or is there some kind of expiring session stored on the server I need to be aware of?

Author

I know how authentication works and that there are other techniques that can be used. But I want to minimize the number of authentication calls for JSON-RPC. Does anyone know if that can be done once or needs to be done before each object call?

Author

According to Odoo Support:

When using Odoo's JSON-RPC interface, you do not need to execute the authentication call before each object call. The authentication process should be done once to obtain the user ID and a session token, and then you can use these credentials for subsequent calls.

Best Answer

It depends on the specific implementation of the JSON-RPC API you're using. Here's a breakdown of the two common scenarios:

1. Session-based Authentication:

  • In this case, a successful authenticate call establishes a session on the server. This session is identified by a key or token (often not the user ID itself).
  • Subsequent object calls typically require including this session key or token in the request header or as a parameter.
  • This session has an expiration time. You don't need to call authenticate again until the session expires.

2. Token-based Authentication:

  • Here, authenticate might return a JSON Web Token (JWT) or a similar token containing user information and claims.
  • Subsequent object calls would require including this token in the request header (usually as an "Authorization" header).
  • JWTs are self-contained and expire after a set time. You need to re-authenticate (get a new token) before the current one expires.

How to determine which method your API uses?

  • Check the API documentation for details on authentication and authorization.
  • Look for keywords like "session", "token", "JWT", or expiration time.
  • If unsure, consult the API provider's support resources.

Here are some best practices for handling authentication with JSON-RPC APIs:

  • Store tokens securely: If using tokens, store them securely in memory or a secure storage mechanism like the keychain. Avoid storing them in plain text.
  • Refresh tokens before expiry: Monitor token expiry and refresh it before it expires to avoid interruptions in your application.
  • Handle errors gracefully: Implement proper error handling for authentication failures.

By understanding the authentication method and implementing best practices, you can efficiently manage user sessions and keep your JSON-RPC interactions secure.

Best Answer

You need to send an authenticated User ID and Password (or API key) with each request.
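
The authenticate-once pattern asked about in this thread, as an added example that is not part of the original posts or Odoo's own code. It assumes Odoo's external API on `/jsonrpc` (`common.authenticate`, `object.execute_kw`); the class name `OdooJsonRpc` and the injectable `transport` argument are hypothetical.

```python
import itertools
import json
import urllib.request


def http_transport(url, payload):
    """POST one JSON-RPC payload and return the decoded reply (needs network)."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode())


class OdooJsonRpc:
    """Hypothetical client: authenticate once, cache the uid, reuse it."""

    def __init__(self, base_url, db, login, secret, transport=http_transport):
        self.url = base_url.rstrip("/") + "/jsonrpc"
        self.db, self.login, self._secret = db, login, secret
        self._transport = transport
        self._ids = itertools.count(1)
        self.uid = None  # cached result of common.authenticate

    def _call(self, service, method, *args):
        payload = {"jsonrpc": "2.0", "method": "call", "id": next(self._ids),
                   "params": {"service": service, "method": method,
                              "args": list(args)}}
        reply = self._transport(self.url, payload)
        if reply.get("error"):
            raise RuntimeError(reply["error"].get("message", "JSON-RPC error"))
        return reply.get("result")

    def authenticate(self):
        uid = self._call("common", "authenticate",
                         self.db, self.login, self._secret, {})
        if not uid:  # a falsy result means the credentials were rejected
            raise PermissionError("authentication failed")
        self.uid = uid
        return uid

    def execute_kw(self, model, method, args=(), kwargs=None):
        if self.uid is None:  # only the first object call triggers authenticate
            self.authenticate()
        # The uid is an identifier, not a credential: the password or API key
        # is sent again on every object call and checked server-side each time.
        return self._call("object", "execute_kw", self.db, self.uid,
                          self._secret, model, method, list(args), kwargs or {})
```

Because the secret travels in every request body, use an HTTPS base URL and prefer a revocable API key over the account password.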


Best Answer
Hi Ids MG,
Please try using Restful API. Odoo has an endpoint (/web/session/authenticate) to connect to the database and log in.
The API response has more information for you and it will have a session to help you maintain the connection.
Reference source: https://github.com/odoo/odoo/blob/17.0/addons/web/controllers/session.py#L29

