Skip to content

tt-rss: Set Apache basic authentication or disable authentication for API access

Created by: SunilMohanAdapa

Complexity: 2 points

Currently, once enabled, users are able to access tt-rss service using tt-rss mobile application. The communication happens on an API URL. In mobile application there is a mechanism for providing username/password and separately there is another mechanism for basic auth based username/password. This task is to make sure that users a way to access tt-rss from a mobile application.

  • Implement separate Apache configuration for API URLs and either basic authentication should be enabled on those URLs or authentication should be disabled. Single sign on mechanism from within the mobile application may not work.
  • Assumption: Single sign on is enabled for the web interface. See #954 (closed). This may have disrupted the currently working API access to mobile application.
  • Assumption: API access can only work over Apache basic authentication or when authentication is disabled.
  • Assumption: When authentication is disabled, tt-rss does its own authentication. LDAP authentication is being used by tt-rss.