Closed EasonC13 closed 2 years ago
The token is just an opaque "secret" string. It is up to the pinning service to generate it and manage its validation. When you create your own pinning service you can make it whatever you want, and manage it however you want :)
For a simple service, it could be just a secret password encoded as base64, and a database that keeps a mapping between user and password. For a bigger service where server-side state does not scale, create a stateless token that can be validated at the edge with minimal cost. An example of the latter is Pinata: their access tokens are in JWT (https://jwt.io/) format.
@EasonC13 is the above useful?
I'd like to improve documentation at https://ipfs.github.io/pinning-services-api-spec/#section/Authentication – lmk what questions you'd like to have answered there. :pray:
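A minimal sketch of the simple, stateful approach described in the comments above, added here as an illustration and not code from the IPFS project or the spec: one opaque token per device, a lookup table mapping tokens to users, and per-device revocation. `TokenStore` and its method names are hypothetical, the in-memory dict stands in for the service's database, and keeping only a SHA-256 hash of each token (so a leaked table does not leak usable tokens) is a design choice of this example.

```python
import base64
import hashlib
import secrets


class TokenStore:
    """In-memory stand-in for the pinning service's token database (hypothetical)."""

    def __init__(self):
        # sha256(token) -> (user, device); the raw token is never stored
        self._by_hash = {}

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user: str, device: str) -> str:
        """Create one opaque token for a single device of a user."""
        # 32 random bytes from the OS CSPRNG, base64-encoded for transport
        token = base64.urlsafe_b64encode(secrets.token_bytes(32)).decode()
        self._by_hash[self._digest(token)] = (user, device)
        return token  # shown to the user once; only the hash is kept

    def revoke(self, user: str, device: str) -> int:
        """Revoke the tokens of one device only; returns how many were removed."""
        doomed = [h for h, owner in self._by_hash.items() if owner == (user, device)]
        for h in doomed:
            del self._by_hash[h]
        return len(doomed)

    def authenticate(self, authorization_header):
        """Return the user for an 'Authorization: Bearer <token>' value, else None."""
        if not authorization_header:
            return None
        scheme, _, token = authorization_header.partition(" ")
        if scheme.lower() != "bearer" or not token.strip():
            return None
        owner = self._by_hash.get(self._digest(token.strip()))
        return owner[0] if owner else None
```

The service would call `authenticate()` on every incoming request and reject the request when it returns `None`.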
@lidel Yes, I see. Your explanation is useful. However, I haven't found a tutorial about how to create a pinning service with an existing IPFS node yet.
What I'm mostly curious about now is the API schema and format of a pinning service. Can I find the documentation about it somewhere?
I expect the document could link to a tour about how to create a pinning service with a simple base64 token, and guide users in setting up their own pinning service.
Maybe you can write one in that part of the document to help me and people who have the same problem?
And if you can help me figure it out, I might be able to help you write the guide, too. I'm willing to share!
Thank you
Oops, seems like we needed more information for this issue, please comment with more details or this issue will be closed in 7 days.
Implementers are free to decide how the access token is generated: https://ipfs.github.io/pinning-services-api-spec/#section/Authentication (assuming you've figured it out by now :))
Hi, I'm trying to host an IPFS node with a custom pinning service, which allows specific people to pin their files on my node remotely.
The Tutorial said that
An opaque token is required to be sent with each request in the HTTP header:
and it should be generated per device, and the user should have the ability to revoke each token separately.
However, I can't find where or how to generate and manage these access tokens.
Is there a plugin I need to install? I couldn't find one via the tutorial or Google.
If you know, please give me a hand. Thank you!