Open STBoyden opened 2 years ago
@svmorris @CollinJoseph @z9fr @kozmer
Any ideas, suggestions, etc?
i do have some recommendations sam. how about we go for token based authentication and drop the whole idea of API keys but instead use the user's token to query the API. as a example like the gmail API. this way we dont have to worry about generating / managing API keys right ? uses can generate a token and use it.
for the authentication i think it might be good to implemented OAuth. we can use some OAuth providers like google for login which might be easy for the end-users right ?
i do have some recommendations sam. how about we go for token based authentication and drop the whole idea of API keys but instead use the user's token to query the API. as a example like the gmail API. this way we dont have to worry about generating / managing API keys right ? uses can generate a token and use it.
Sounds like a good idea, it's just finding a way to generate those tokens?
for the authentication i think it might be good to implemented OAuth. we can use some OAuth providers like google for login which might be easy for the end-users right ?
OAuth would be cool, but not sure how to implement on the client-side. Would have to research into it a bit more.
i do have some recommendations sam. how about we go for token based authentication and drop the whole idea of API keys but instead use the user's token to query the API. as a example like the gmail API. this way we dont have to worry about generating / managing API keys right ? uses can generate a token and use it.
Sounds like a good idea, it's just finding a way to generate those tokens?
for the tokens we can use jwt tokens right ? OAuth flow requires to generate the tokens anyways we can use the same tokens for the api right ? and if we are using any providers they will do this for us so we dont have to worry about this right ?. also I think we can use the same tokens for api auth so we dont have to manage api keys
somewhat similar to gmail api
for the authentication i think it might be good to implemented OAuth. we can use some OAuth providers like google for login which might be easy for the end-users right ?
OAuth would be cool, but not sure how to implement on the client-side. Would have to research into it a bit more.
We can use a OAuth providers right something like github and google
This is being worked on currently :)
Still not entirely sure what to implement it but there's a basic Login/Logout workflow now working in the application
great