Create new auth handling logic #126

Closed
pvj opened this issue Nov 5, 2021 · 1 comment

pvj commented Nov 5, 2021

As mentioned in #107, we are in the middle of creating auth handling views that let us decouple from the current dependency that handles our auth routes & views.

In order to remove that dep we have to adopt some auth logic that authenticates & authorises incoming requests.

For that we must change our api route handling:

  • All requests are only valid if an active, existing token is passed -- preferably in the header
  • All invalid requests should be returned w/ 403 Forbidden HTTP status
  • Tokens should be generated by combination of current date + server-side secret + unique user data -- this should be handled by our newly selected auth provider plugin
  • Token generation and refresh, destruction etc. should be tied to user actions (login, logout etc.)
  • Tokens should be stored along w/ users
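
The requirements listed above, sketched as an added example (not code from this project or from its auth provider plugin). All names, the `Authorization: Bearer` header scheme, the one-hour lifetime and the in-memory user store are assumptions made for illustration:

```python
import hashlib
import hmac
import time

SERVER_SECRET = b"constructed-demo-secret"  # assumption: read from server config in practice
TOKEN_TTL = 3600                            # assumption: tokens stay active for one hour
USERS = {"alice": {"token": None, "issued_at": None}}  # constructed in-memory user store


def issue_token(user_id, now=None):
    """Login/refresh: derive a token from date + server secret + user data and store it with the user."""
    issued_at = int(time.time() if now is None else now)
    msg = f"{user_id}|{issued_at}".encode()
    token = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()
    USERS[user_id].update(token=token, issued_at=issued_at)
    return token


def revoke_token(user_id):
    """Logout: destroy the stored token so it no longer exists server-side."""
    USERS[user_id].update(token=None, issued_at=None)


def authenticate(headers, now=None):
    """Return (status, user_id); a missing, unknown, revoked or expired token yields 403."""
    now = time.time() if now is None else now
    scheme, _, presented = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not presented:
        return 403, None
    # Linear scan keeps the demo short; a real store would look the token up by index.
    for user_id, rec in USERS.items():
        stored = rec["token"]
        # compare_digest on bytes avoids leaking the match position through timing
        if stored and hmac.compare_digest(stored.encode(), presented.encode()):
            if now - rec["issued_at"] > TOKEN_TTL:
                return 403, None  # token exists but is no longer active
            return 200, user_id
    return 403, None
```

Because the token is stored with the user and replaced on refresh, an older token stops validating as soon as a new one is issued, even though its HMAC is still well-formed.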

pvj assigned pvj and tuz666 and unassigned pvj Nov 5, 2021
pvj added this to the Communication/auth improvements milestone Nov 5, 2021
tuz666 closed this as completed May 21, 2023

tuz666 commented May 21, 2023

Resolved in the following PR
