pesho closed 9 years ago
This may be relevant to bitpay/bitauth#13, though I wonder if nonce should be a part of BitAuth, or should remain in the BitPay API.
Continuing from the Reddit discussion:
Generating separate keypairs for each process is not a good solution. It's a manual operation, requiring a live person with access to the BitPay account to grant access for each process separately. We live in the PaaS era, when firing new processes is supposed to be a cheap and quick, even automatic operation.
This should be possible today; once the very first identity is created (and a corresponding token, containing the capability to authorize additional tokens), subsequent identity claims can be approved through the API by using this token. This is definitely a use case that has been on our mind that we aim to improve based on real-world use.
With the addition of API sessions, this issue should be good to close.
It seems so. I'm closing the issue. Thanks to all involved in fixing it.
The nonce parameter is required to increase monotonically. This may work well in single-process apps, but is a broken approach in modern distributed apps. E.g. node-bitpay-client uses the current time to seed the nonce. This causes failed API requests when several processes are started.
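The failure described in this issue, as an added example that is not part of the original thread or of BitPay's code: a server-side check for a strictly increasing nonce, run against two processes that share one identity and seed their nonces from their start times. The class and function names are hypothetical, and the per-session scoping is an assumption about how API sessions resolve the problem, since the thread does not describe their design.

```javascript
// Added illustration; all names here are hypothetical, not BitPay's API.
class NonceChecker {
  // scope: maps a request to the key under which the last nonce is tracked
  constructor(scope) {
    this.scope = scope;
    this.last = new Map();
  }
  // Accept only a nonce strictly greater than the last one seen in that scope.
  accept(req) {
    const key = this.scope(req);
    const prev = this.last.has(key) ? this.last.get(key) : -Infinity;
    if (!Number.isSafeInteger(req.nonce) || req.nonce <= prev) return false;
    this.last.set(key, req.nonce);
    return true;
  }
}

// Constructed sample client: seeds the nonce from its start time (ms) and
// increments it on every request.
function makeClient(identity, session, startMs) {
  let nonce = startMs;
  return () => ({ identity, session, nonce: nonce++ });
}

// Send the same interleaved traffic through a checker with the given scoping.
function simulate(scope) {
  const checker = new NonceChecker(scope);
  const a = makeClient('id-1', 'sess-A', 1400000000000); // started first
  const b = makeClient('id-1', 'sess-B', 1400000000500); // started 500 ms later
  const arrivals = [a(), b(), a(), b(), a()];
  const results = arrivals.map((r) => checker.accept(r));
  // A captured request sent a second time must fail under either scoping.
  const replayRejected = !checker.accept(arrivals[1]);
  return { results, replayRejected };
}

// One nonce sequence per identity: the later-started process pushes the high
// water mark past everything the earlier process will send.
const perIdentity = simulate((r) => r.identity);
// One nonce sequence per session (assumed design): processes no longer collide.
const perSession = simulate((r) => `${r.identity}/${r.session}`);

console.log('per identity:', perIdentity.results); // [true, true, false, true, false]
console.log('per session: ', perSession.results);  // [true, true, true, true, true]
```

Replay protection is unchanged in both cases: the resent request is rejected because its nonce is not above the last value recorded for its scope.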