Labels Milestones

New Issue

API authentication #275

Closed

by elegaanz opened 3 years ago · 1 comments

elegaanz commented 3 years ago (Migrated from github.com)

Owner

Currently the API doesn't require authentication. It is not a real problem yet, as the two routes we implemented are read-only, but for routes that will add/change user content, request should be authenticated.

Here is how I see it (tell me if you think something is wrong with this design, I'm not used REST APIs):

• There is an endpoint in the API for apps to register themselves, it returns a client ID, a client secret
• there is another endpoint to get an access token, that requires the client ID, secret and users credentials
• this token should be sent in the Authorization header for authenticated API requests
• Users can revoke any token from Plume

Plume version (and/or commit): 0.2.0

Currently the API doesn't require authentication. It is not a real problem yet, as the two routes we implemented are read-only, but for routes that will add/change user content, request should be authenticated. Here is how I see it (tell me if you think something is wrong with this design, I'm not used REST APIs): - There is an endpoint in the API for apps to register themselves, it returns a client ID, a client secret - there is another endpoint to get an access token, that requires the client ID, secret and users credentials - this token should be sent in the `Authorization` header for authenticated API requests - Users can revoke any token from Plume Plume version (and/or commit): 0.2.0

trinity-1686a commented 3 years ago

Owner

APIs usually use OAuth authentication. I don't know if there are any crates for it (I saw lots of client-side, but not that much servers-side implementation on crate.io), but I think the best way is probably to use that as it's standard

APIs usually use OAuth authentication. I don't know if there are any crates for it (I saw lots of client-side, but not that much servers-side implementation on crate.io), but I think the best way is probably to use that as it's standard

👍 5

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

DearRude/force-lang

RAOF/fix-arm64-build

clippy

drone-ci

epsilon-phase/authorized-fetch

feature/ldap

fix-mobile-margin

floreal/translations-update

go/async

igalic/feat/custom-fairing-domains

igalic/go/async-all-mut

improve-the-editor-once-again

ldap-non-anon

main

missing-docs

remove-dup-images

sign-get

signature

test/dotenv_error

upgrade

v0.7.0

0.2.0-alpha-1

0.3.0-alpha-2

0.4.0-alpha-4

0.5.0

0.6.0

Labels

Apply labels

Clear labels

A: API
Related to the REST API A: Backend
Code running on the server A: Federation
Stuff related to Federation A: Front-End
Related to the front-end A: I18N
Translations, and related code A: Meta
More about project management or code than the project itself A: Security Build
The building, or installation process of Plume C: Bug
Something isn't working C: Discussion
We need to talk C: Enhancement
New feature or request C: Feature
This is a new feature Compatibility
Compatibility with different browsers, readers and OS Dependency
Related to an external package that Plume uses Design
UI/UX related issues and PRs Documentation Good first issue
Good for newcomers Help welcome
Extra attention is needed Mobile
Issues affecting only mobile UX Rendering
How elements're rendered out for the end user S: Blocked
Something else needs to be fixed first S: Duplicate
This issue or pull request already exists S: Incomplete
This PR is not complete yet S: Instance specific
Issues concern a limited number of instances S: Invalid
This doesn't seem right S: Needs Voting/Discussion
Need to be discussed by the community (on Loomio) S: Ready for review
This PR is ready to be reviewed Suggestion
Proposed ideas worth considering S: Voted on Loomio
This is issue has been created after a vote on Loomio S: Wontfix
This will not be worked on

No Label A: API A: Backend A: Federation A: Front-End A: I18N A: Meta A: Security Build C: Bug C: Discussion C: Enhancement C: Feature Compatibility Dependency Design Documentation Good first issue Help welcome Mobile Rendering S: Blocked S: Duplicate S: Incomplete S: Instance specific S: Invalid S: Needs Voting/Discussion S: Ready for review Suggestion S: Voted on Loomio S: Wontfix

Milestone

Set milestone

Clear milestone

No items

No Milestone

Assignees

Assign users

Clear assignees

No Assignees

2 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Write Preview

Loading…

Cancel

Save

There is no content yet.