Can we change enketo authentication method from type cookie to basic auth?

we are trying to integrate the transform api within a web based plugin but it doesn't allows session cookies to be maintained. So can we change the authentication method for enketo to Basic Auth in configjson.template for enketo.

Hi! I got a question! Why is "enketo" here in the picture at the first place? I mean, most of the times we simply need the data collected so far for any sort of transformation, right? Can be accessed via OData feed, or ODK Central API, but why "enketo"? Even the ODK's integration for Zapier exists.

P.S.: Pardon me in case I missing something here, I am actually curious about what you are trying to implement! :sweat_smile:

It sounds like you want to use Central as a backend but do form transformation elsewhere, maybe to facilitate form design and preview or something like that? But if you're using Enketo from Central, it seems like you might as well do transformation there as well. As @MinimalPotato says, it would be helpful to understand the need a bit better.

I don't believe Central supports basic auth for the OpenRosa endpoints that Enketo uses. Also, we don't generally expect the templated config file to be user-modified so you'd need to be careful about conflicts when you upgrade. All that said, I would encourage you to try it and see what happens.

Hey @LN you are right, we are using central as a backend and then using the central API's and the enketo API's to transform and render forms in a web plugin based application to display forms and get submissions which is outside our current domain.

We were able to make other API's work but the enketo's internal API's are using cookies as authentication method and we are not able to pass cookie's in browser as it is not allowing cookies from different origin.

the Plugin is working on a javascript code and we tried through there as well but were not able to make it pass, i hope this gives you a more clear picture of what we are trying to achieve @MinimalPotato and @LN.

Ah, that's interesting!

Lately, I have been experimenting and toying around with Enketo too.. :sweat_smile:

What I was trying and the exciting glitch I stumbled upon:
So, as we know that in order to view the data collected so far for some form, we gotta download it or use the Central API or maybe OData feed. But, what if someone wishes to view the single submitted form online itself? (The thing is - many of us are geeks and nerds here at the forum, but ODK is mainly used by the researchers - and sadly, not all of them are well versed with tech-stuff, thus it's hard for them to understand the relation between variables and labels OR logic, etc.) So, I guess the only way to view some submitted form is using the "edit" option (which uses enketo) for some form available on the frontend. But, the catch is - "this is only possible if a user have a Project Manager access". This is exactly where the things went dramatical in my case as it's not possible to provide the Project Manager access to everyone involved in the project! :sweat_smile:

I tried toying around and I realized that, "accessing the edit enketo screen for some submitted form is still possible without having the Project Manager access for some project! - i.e. if someone with only Project Viewer access too visits the enketo edit url (which is easy to formulate given the Project Viewer access, without having a Manager access, all one gotta do is to study the network requests), he/she too can view the form in enketo!! But, he/she will not be able to edit it!". Yet, this hack have it's own disadvantages.

So, now I am having second thoughts, maybe I can copy your idea too. It would make it easy for me. But, I will still have to restrict the edit access for viewers, allowing only the viewer access using enketo.

Hmm..

Yes, For the same domain it will work but outside the domain is there any way we can make the enketo work to connect with our forms? instead of parsing cookies

hey @LN do you have any idea about this? if we can achieve this?