StackFocus / PostMaster

PostMaster is a beautiful web application to manage domains, users, and aliases on a Linux mail server
GNU Affero General Public License v3.0

API Authentication Management #148

Open thatarchguy opened 8 years ago

thatarchguy commented 8 years ago

Let's figure out a way to implement API authentication properly. There are a few different ways to add it in.

HTTP Basic? Auth Header?

OAuth2? This seems to be what the industry is moving towards. It looks like the client would need a separate library to handle that.

https://developer.uber.com/docs/rides/getting-started Their API is split. They use header + key for non-user tasks (getting fare estimates) and OAuth2 for user-required tasks (requesting a ride).

https://stripe.com/docs/api#intro Their API uses HTTP Basic with an API key.

HTTP Basic would be the easiest to implement by far. We could have a management panel to have the users generate keys. We would hook into the app's @login_manager.user_loader to check for the key, I believe.
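
A sketch of the HTTP Basic plus API key option from the comment above, added here as an illustration; it is not part of the original thread or PostMaster's code. The function names, the in-memory `key_store` dict, the sample user, and the convention of sending the key as the Basic username with an empty password are all assumptions.

```python
import base64
import binascii
import hashlib
import hmac
import secrets


def generate_api_key():
    """Return (plaintext_key, sha256_hex). Show the key once; persist only the digest."""
    key = secrets.token_urlsafe(32)  # 256 bits of randomness, so a fast hash is adequate
    return key, hashlib.sha256(key.encode()).hexdigest()


def basic_header_for(key):
    """What a client would send: the key as username, empty password (assumed convention)."""
    return "Basic " + base64.b64encode((key + ":").encode()).decode()


def key_from_basic_header(header):
    """Extract the API key from an Authorization header, or None if it is malformed."""
    if not header:
        return None
    scheme, _, payload = header.partition(" ")
    if scheme.lower() != "basic" or not payload:
        return None
    try:
        decoded = base64.b64decode(payload.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    username, sep, _password = decoded.partition(":")
    return username if sep and username else None


def authenticate(header, key_store):
    """key_store maps sha256 hex digest -> user (hypothetical storage). Returns user or None."""
    key = key_from_basic_header(header)
    if key is None:
        return None
    digest = hashlib.sha256(key.encode()).hexdigest()
    match = None
    for stored, user in key_store.items():
        # Constant-time comparison; keep scanning so timing does not reveal the hit.
        if hmac.compare_digest(stored, digest):
            match = user
    return match


if __name__ == "__main__":
    key, digest = generate_api_key()
    store = {digest: "admin@example.com"}  # constructed sample user
    print(authenticate(basic_header_for(key), store))
```

Because only the digest is stored, a leaked key table does not expose usable keys, and a key can be revoked by deleting its row.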

mprahl commented 8 years ago

How about JWT for this?