msmitherdc
commented
7 years ago @chambbj you should not share passwords. Each user has their own account and password.
Closed chambbj closed 7 years ago
msmitherdc
commented
7 years ago @chambbj you should not share passwords. Each user has their own account and password.
chambbj
commented
7 years ago @msmitherdc I mean in the sense that the app should not have to prompt the user for their GRiD username and password. It would be nice if the app could redirect to GRiD for user consent and issue a token at that point.
AlexMountain
commented
7 years ago I have implemented OAuth2 using the Authentication Code grant type for the GRiD API v3+. I will leave this open for the time being in case there are any issues or further discussions around OAuth to be had.
AlexMountain
commented
7 years ago OAuth2 is a go. Closing this one.
GRiD and apps that use its API should not share passwords. GRiD should be able to revoke tokens for an individual user or for an entire app. GRiD should use an approach that is considered industry standard and is familiar to application developers.