Implement auth flows - Githubissues

dekarrin / morc

Scriptable automated CLI REST Client

MIT License

0 stars 0 forks source link

Open dekarrin opened 5 months ago

dekarrin commented 5 months ago

Authentication

ALWAYS SEND:

the user has a resource and will always send a static auth proof to some location.

IF NEEDED:

If possible, prior to starting, determine if auth is needed (e.g. expired token, no token, etc). If there is no way to tell at this stage, assume it is needed.
Send a request to somewhere asking for a token.
Apply transformations to retrieved values as needed.
Populate a variable with the new item.

dekarrin commented 2 months ago

AUTH options:

static creds (e.g. HTTP Basic Auth). creds and their target location are supplied. HTTP Basic can be automatically selected as an AuthType.
dynamic creds - something is retrieved that proves authentication ("AuthProof"). This CAN be stored, if it is not one-time. The parameters for AuthTypes that specify this are where it comes from (flow exectuion) and where to capture the thing from, and how to tell expiration, and how to transform it, and where to put it.