I am trying to find a way to create an odoo controller which allows me to login without having to use check username and password. (part of a sso solution). Basically I want to create a session myself. I can't find a working example.
Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:
- CRM
- e-Commerce
- Accounting
- Inventory
- PoS
- Project
- MRP
This question has been flagged
4
Replies
2766
Views
There are multiple ways you can achieve this, the most direct one is using cookies.
You need to set up a service to create and validate authentication tokens, (this can be done completely outside of the Odoo ecosystem (any SSO, Certificates, etc)
When you connect to Odoo, you must have a method that reads the token, or certificate and returns a cookie that stores the session in the browser.
The connection to the Odoo application is always done in HTTPS.
You can only do this if you have access to the base code, and remember that by changing authentication rules, you are bypassing default security, and limiting the security of the application at your own risk.
Thanks @Niyas, but that is also not what I want. Your solution would work for api actions, but I want to have a genuine browser session just as if I logged in with username and password.
yes, you can set this session_id in your browser /cookie, i will recommend you to do as follows:
open your odoo instance in browser, login to the sytem, now in the browser console, you can see this session_id is stored in cookie, the same session_id is returned by the api end point. so you can call this api end point
Hi,
Using the /web/session/authenticate API end point, you can authenticate the user credentials, once this authentication is done, you will receive a session_id, which can be used as a authenticated token/session_id for the further API calls.
So doing the authentication for once, and then using this session_id you can call further API's.
Have a look at this video explaining the same in detail: https://www.youtube.com/watch?v=wGvuRbCyytk
Thanks
@http.route('/web/list/product', csrf=False, type='json', auth="none", methods=["POST"])
def list_product(self, categ_id):
return request.env['product.template'].search([('categ_id', '=', categ_id)])
You can use auth='none' to access directly without requiring a username and password. Please follow the example.
Enjoying the discussion? Don't just read, join in!
Create an account today to enjoy exclusive features and engage with our awesome community!
Sign up
Thank you, but that is not what I want. I do want to login a user which I verified through an api call.