Authentura / codectrl

https://codectrl.authentura.com
MIT License
9 stars 4 forks

Proposal for Authentication and Authorisation #32

Open STBoyden opened 2 years ago

STBoyden commented 2 years ago

cc-auth-flow

STBoyden commented 2 years ago

@svmorris @CollinJoseph @z9fr @kozmer

Any ideas, suggestions, etc?

z9fr commented 2 years ago

I do have some recommendations, Sam. How about we go for token-based authentication and drop the whole idea of API keys, but instead use the user's token to query the API? As an example, like the Gmail API. This way we don't have to worry about generating / managing API keys, right? Users can generate a token and use it.

For the authentication I think it might be good to implement OAuth. We can use some OAuth providers like Google for login, which might be easy for the end-users, right?

STBoyden commented 2 years ago

> I do have some recommendations, Sam. How about we go for token-based authentication and drop the whole idea of API keys, but instead use the user's token to query the API? As an example, like the Gmail API. This way we don't have to worry about generating / managing API keys, right? Users can generate a token and use it.

Sounds like a good idea, it's just finding a way to generate those tokens?

> For the authentication I think it might be good to implement OAuth. We can use some OAuth providers like Google for login, which might be easy for the end-users, right?

OAuth would be cool, but not sure how to implement on the client-side. Would have to research into it a bit more.

z9fr commented 2 years ago

> > I do have some recommendations, Sam. How about we go for token-based authentication and drop the whole idea of API keys, but instead use the user's token to query the API? As an example, like the Gmail API. This way we don't have to worry about generating / managing API keys, right? Users can generate a token and use it.

> Sounds like a good idea, it's just finding a way to generate those tokens?

For the tokens we can use JWT tokens, right? The OAuth flow requires generating the tokens anyway, so we can use the same tokens for the API, right? And if we are using any providers they will do this for us, so we don't have to worry about this, right? Also, I think we can use the same tokens for API auth so we don't have to manage API keys.

Somewhat similar to the Gmail API.

> > For the authentication I think it might be good to implement OAuth. We can use some OAuth providers like Google for login, which might be easy for the end-users, right?

> OAuth would be cool, but not sure how to implement on the client-side. Would have to research into it a bit more.

We can use OAuth providers, right? Something like GitHub and Google.

STBoyden commented 2 years ago

This is being worked on currently :)

STBoyden commented 2 years ago

Still not entirely sure what to implement it, but there's a basic Login/Logout workflow now working in the application.

z9fr commented 2 years ago

great

STBoyden commented 1 year ago

auth_proposal excalidraw