ShoppinPal / vend-oauth-example

Quickly get an oauth token to use with Vend API calls
Apache License 2.0

Host a public demo server #7

Open pulkitsinghal opened 9 years ago

pulkitsinghal commented 9 years ago
  1. Host a public version of this project on Heroku or something similar so that the README can point anyone who doesn't want to run the code locally to the public demo for direct use.
  2. Warn users that they are essentially sharing their client_id and client_secret on a demo site that isn't geared to be super secure but only meant to help folks get a semi-secure quickstart.
  3. Expose endpoints where users who go through the oauth flow can download their respective oauth.json data by sending client_id and client_secret as arguments.
  4. Use something like redis as the backend so that we can quickly & periodically remove data as we don't want the demo server to become a honeypot for hackers.
  5. Warn users that if they don't download their oauth data within X amount of time, we will clean it up from the demo server.
  6. Maybe instead of steps 3-5, email the data to users at the end of the oauth flow?

pulkitsinghal commented 9 years ago

An alternative to setting up this project at all could be to use runscope instead: https://www.runscope.com/oauth2_tool but folks may get confused about what to put into Access Token URL and Authorize URL fields, so does it still make sense to host this project which may have a friendlier (more hands off) flow?

pulkitsinghal commented 9 years ago

@MeghaY - https://devcenter.heroku.com/articles/github-integration

MeghaY commented 9 years ago

@pulkitsinghal : The way I am thinking of implementing this is using the modal service popup asking for client id and secret from the user on page load, if the user hasn't already given us those details. Once the user enters the details, he can click the 'login with vend' button from the popup and it will redirect the user to the Vend login page for the user's consent. Once he approves it, we will get the access token and other details in the flow. We can store it in some temporary storage and then if the user wants to get that data, he will have to enter the creds again and we can display the data in JSON form on the page for them. The question I have is what do you think about using modal service as a popup asking for creds?

pulkitsinghal commented 9 years ago

It makes sense. Go for it!

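One way to build the temporary storage discussed in this thread (data removed after X amount of time, retrievable only by presenting client_id and client_secret again), as an added example that is not code from this project. It assumes an in-memory Map standing in for redis; the names `createStore`, `put`, `fetchOnce` and `sweep` are hypothetical, and encrypting each record under a key derived from the client_secret is an added design choice so that a dump of the store does not expose tokens.

```javascript
const crypto = require('crypto');

// In-memory Map standing in for redis (assumption); each record carries its own expiry.
function createStore(ttlMs, now = Date.now) {
  const records = new Map();

  // Lookup key: HMAC of client_id under client_secret, so neither value is stored.
  const lookupKey = (clientId, clientSecret) =>
    crypto.createHmac('sha256', clientSecret).update(clientId).digest('hex');

  // Encryption key derived from client_secret with a per-record random salt.
  const deriveKey = (clientSecret, salt) => crypto.scryptSync(clientSecret, salt, 32);

  function put(clientId, clientSecret, oauthData) {
    const salt = crypto.randomBytes(16);
    const iv = crypto.randomBytes(12);
    const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(clientSecret, salt), iv);
    const body = Buffer.concat([cipher.update(JSON.stringify(oauthData), 'utf8'), cipher.final()]);
    records.set(lookupKey(clientId, clientSecret),
      { salt, iv, body, tag: cipher.getAuthTag(), expiresAt: now() + ttlMs });
  }

  // Returns the oauth data once, then deletes it; null if unknown, wrong secret, or expired.
  function fetchOnce(clientId, clientSecret) {
    const key = lookupKey(clientId, clientSecret);
    const rec = records.get(key);
    if (!rec) return null;
    records.delete(key);
    if (rec.expiresAt <= now()) return null;
    const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(clientSecret, rec.salt), rec.iv);
    decipher.setAuthTag(rec.tag);
    return JSON.parse(Buffer.concat([decipher.update(rec.body), decipher.final()]).toString('utf8'));
  }

  // Periodic cleanup: drop every expired record, return how many were removed.
  function sweep() {
    let removed = 0;
    for (const [key, rec] of records) {
      if (rec.expiresAt <= now()) { records.delete(key); removed++; }
    }
    return removed;
  }

  return { put, fetchOnce, sweep, size: () => records.size };
}
```

With redis as the backend, the per-record `expiresAt` and `sweep` would be replaced by a key expiry set at write time.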