Use passport and jwt for token based authentication

DevOpsify / releaseMaster

release Master for docker

Apache License 2.0

4 stars 1 forks source link

Open c4po opened 8 years ago

c4po commented 8 years ago

SiweiWang commented 8 years ago

https://jwt.io/introduction/ seems to be a nice way to do it.

SiweiWang commented 8 years ago

Not sure how we going to release this w/o auth method

tomqwu commented 7 years ago

Using passport?

SiweiWang commented 7 years ago

are you going to use oauth? if so, how do you do ACLs? Say anyone with google account can login ?

tomqwu commented 7 years ago

ACLs is another scope I think.

I guess we need to support both oauth2 (API calls) and simple username/password.

Google, Github, LinkedIn etc..?

SiweiWang commented 7 years ago

Okay sound good. passport looks good to me

SiweiWang commented 7 years ago

limit the scope to google OAuth for now

c4po commented 7 years ago

I'm thinking to use API management software like https://github.com/Mashape/kong to manage the API authentication. We can use google OAuth for GUI

SiweiWang commented 7 years ago

Yes, This is for the GUI. But once we have it for the GUI, we get it pretty cheap for API as well.