issues
search
arso-project
/
sonar
A p2p content database and search engine
https://sonar.arso.xyz/
GNU General Public License v3.0
123
stars
6
forks
source link
Authentication next steps
#62
Open
Frando
opened
4 years ago
Frando
commented
4 years ago
What we still need to do:
[ ] client: don't store tokens/accesscode in localStorage, use secure cookies instead
[ ] server: allow to create tokens with read/write capabilities for specific collections
[ ] client: support multiple tokens/accesscodes
[ ] rethink token vs accesscode model, review where we want/need JWTs
[ ] add one-time login links for use in short URLs, remove accesscodes
[ ] maybe add sessions (after login) with plain old session cookies (less overhead than JWTs in all requests)
[ ] add UI to manage tokens
[ ] rethink if/how we want to derive tokens/JWT from hypercore keys
What we still need to do: