The examples of connecting to a K2 server in the K2 developer reference like here and here all involve setting a username and password in the connection parameters. Using this approach would mean I'd need to store a password in either plaintext or at best using two-way encryption, which is obviously not good practice.
Is there an alternative way, perhaps using a token, to establish these connections? It's hard to believe that every app using this functionality just stores a password somewhere; there are obvious security implications to that.
Note - I am not a K2 API expert, but I've come across it as a product, and do know for sure that it natively supports Windows Authentication. The same page, for which you provided the link, states the following -
The third parameter here is Integrated=true and, while the documentation is not explicit about it, I'd recommend using this parameter and trying to connect while ignoring the user id and password. Assuming that K2 is configured for Windows Authentication, it should work without having to provide an explicit user name or password, and certainly without the need to store them yourself as a client of K2.
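A configuration check for the point made in the answer above, added here as an example and not part of the original post or of K2's own code: it parses a semicolon-delimited connection string and reports whether it relies on Integrated=true or still carries a stored user id or password. The key names follow the answer's wording; the host names, port and credential values in the samples are constructed.

```python
import re

# Key names follow the answer's wording ("Integrated", "user id", "password").
# Matching ignores case and spaces, so "User ID" and "UserID" are treated alike.
CREDENTIAL_KEYS = ("password", "userid")

# Constructed sample connection strings (hosts, port and values are made up).
SAMPLES = {
    "integrated": "Integrated=true;Host=k2.example.internal;Port=5555",
    "stored": "Integrated=false;User ID=svc_app;Password=example-only;"
              "Host=k2.example.internal;Port=5555",
    "mixed": "Integrated=True;UserID=;Password=example-only;Host=k2.example.internal",
}


def parse_connection_string(conn):
    """Split a 'key=value;key=value' string into a dict with normalized keys."""
    pairs = {}
    for part in conn.split(";"):
        if "=" not in part:
            continue  # skip empty or malformed segments
        key, value = part.split("=", 1)
        pairs[re.sub(r"\s+", "", key).lower()] = value.strip()
    return pairs


def audit_connection_string(conn):
    """Return finding codes; an empty list means no credential is stored."""
    pairs = parse_connection_string(conn)
    findings = []
    if pairs.get("integrated", "").lower() != "true":
        findings.append("not-integrated")
    for key in CREDENTIAL_KEYS:
        # Report only the key name, never the secret value itself.
        if pairs.get(key):
            findings.append("stored-" + key)
    return findings


if __name__ == "__main__":
    for name, conn in SAMPLES.items():
        print(name, audit_connection_string(conn) or "ok")
```

A string that sets Integrated=true but still carries a non-empty password is flagged too, since the secret is stored on disk even if the connection no longer needs it.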