Plume/Plume
9
18
Forkkaa 24
Koodi Ongelmat 177 Vetopyynnöt 8 Julkaisut 8 Wiki Toiminta

API authentication #275

Uusi ongelma
Suljettu
opened 2018-10-09 20:08:46 +00:00 by elegaanz · 1 kommentti
elegaanz kommentoi 2018-10-09 20:08:46 +00:00 (Migrated from github.com)
Kopioi linkki

Currently the API doesn't require authentication. It is not a real problem yet, as the two routes we implemented are read-only, but for routes that will add/change user content, request should be authenticated.

Here is how I see it (tell me if you think something is wrong with this design, I'm not used REST APIs):

  • There is an endpoint in the API for apps to register themselves, it returns a client ID, a client secret
  • there is another endpoint to get an access token, that requires the client ID, secret and users credentials
  • this token should be sent in the Authorization header for authenticated API requests
  • Users can revoke any token from Plume

Plume version (and/or commit): 0.2.0

Currently the API doesn't require authentication. It is not a real problem yet, as the two routes we implemented are read-only, but for routes that will add/change user content, request should be authenticated. Here is how I see it (tell me if you think something is wrong with this design, I'm not used REST APIs): - There is an endpoint in the API for apps to register themselves, it returns a client ID, a client secret - there is another endpoint to get an access token, that requires the client ID, secret and users credentials - this token should be sent in the `Authorization` header for authenticated API requests - Users can revoke any token from Plume Plume version (and/or commit): 0.2.0
trinity-1686a kommentoi 2018-10-10 14:48:36 +00:00
Omistaja
Kopioi linkki

APIs usually use OAuth authentication. I don't know if there are any crates for it (I saw lots of client-side, but not that much servers-side implementation on crate.io), but I think the best way is probably to use that as it's standard

APIs usually use OAuth authentication. I don't know if there are any crates for it (I saw lots of client-side, but not that much servers-side implementation on crate.io), but I think the best way is probably to use that as it's standard
👍 5
Kirjaudu sisään liittyäksesi keskusteluun.
Haaraa/tagia ei määritelty
Branchit Tagit
main
1686a/resist-gone-sender
1686a/fast-fill
paginate-search-init
s3
fix-delete-user
timeline-cli
blog-title
signature
remove-dup-images
ldap-non-anon
drone-ci
DearRude/force-lang
igalic/go/async-all-mut
go/async
floreal/translations-update
missing-docs
RAOF/fix-arm64-build
epsilon-phase/authorized-fetch
upgrade
improve-the-editor-once-again
igalic/feat/custom-fairing-domains
feature/ldap
test/dotenv_error
fix-mobile-margin
0.7.2
0.7.1
0.7.0
0.6.0
0.5.0
0.4.0-alpha-4
0.3.0-alpha-2
0.2.0-alpha-1
Tunnisteet
Tyhjennä tunnisteet   
A: API

Related to the REST API

  
A: Backend

Code running on the server

  
A: Federation

Stuff related to Federation

  
A: Front-End

Related to the front-end

  
A: I18N

Translations, and related code

  
A: Meta

More about project management or code than the project itself

  
A: Security

   
Build

The building, or installation process of Plume

  
C: Bug

Something isn't working

  
C: Discussion

We need to talk

  
C: Enhancement

New feature or request

  
C: Feature

This is a new feature

  
Compatibility

Compatibility with different browsers, readers and OS

  
Dependency

Related to an external package that Plume uses

  
Design

UI/UX related issues and PRs

  
Documentation

   
Good first issue

Good for newcomers

  
Help welcome

Extra attention is needed

  
Mobile

Issues affecting only mobile UX

  
Rendering

How elements're rendered out for the end user

  
S: Blocked

Something else needs to be fixed first

  
S: Duplicate

This issue or pull request already exists

  
S: Incomplete

This PR is not complete yet

  
S: Instance specific

Issues concern a limited number of instances

  
S: Invalid

This doesn't seem right

  
S: Needs Voting/Discussion

Need to be discussed by the community (on Loomio)

  
S: Ready for review

This PR is ready to be reviewed

  
Suggestion

Proposed ideas worth considering

  
S: Voted on Loomio

This is issue has been created after a vote on Loomio

  
S: Wontfix

This will not be worked on

Ei tunnisteita
A: API
A: Backend
A: Federation
A: Front-End
A: I18N
A: Meta
A: Security
Build
C: Bug
C: Discussion
C: Enhancement
C: Feature
Compatibility
Dependency
Design
Documentation
Good first issue
Help welcome
Mobile
Rendering
S: Blocked
S: Duplicate
S: Incomplete
S: Instance specific
S: Invalid
S: Needs Voting/Discussion
S: Ready for review
Suggestion
S: Voted on Loomio
S: Wontfix
Merkkipaalu
Tyhjennä merkkipaalu
Ei kohteita
Ei merkkipaalua
Projektit
Clear projects
Ei kohteita
Ei projektia
Käsittelijä
Tyhjennä käsittelijä
Ei käsittelijää
2 osallistujaa
Ilmoitukset
Määräpäivä
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

Määräpäivää ei ole asetettu.

Riippuvuudet

Riippuvuuksia ei asetettu.

Viittaus: Plume/Plume#275
Ei kuvausta.
Poista haara "%!s()"

Haaran poistaminen on pysyvä toimenpide. Vaikka poistettu haara voi jäädä olemaan lyhyeksi ajaksi, ennen kuin todellisesti poistetaan, poistoa EI VOI perua useimmiten. Jatketaanko?