jeffersonheard / ga_bigboard

The Big Board - teleconferencing over maps

Password is sent as cleartext in /join #2

Closed jeffersonheard closed 12 years ago

NathanRSmith commented 12 years ago

I would suggest moving to the ApiKeyAuthentication method for tastypie instead of BasicAuthentication. That way it's not the username/password that is getting sent each time but rather the username and a key that can be changed if it is compromised and that only allows access to the tastypie interfaces.

jeffersonheard commented 12 years ago

The problem I see with that approach is that I'd like to have a person login to the overall GA system and have bigboard as an application they can reach. If bigboard had a separate API key for every user, that'd break that unless the API key was somehow valid across all of GA. Something to think about, though. In the meantime, this bug is easily fixed and I will take care of it this weekend.

NathanRSmith commented 12 years ago

Tastypie has models to generate an API key for each user on the site. There is a management command to generate them for existing users and a hook to create it for new users automatically. Then when the user requests the main django view for the bigboard just require that they be logged in, look up their API key, add it to the template context and create a global JavaScript variable with that value in your template.

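Added example, not code from the ga_bigboard project or from tastypie: a minimal stand-in for the per-user API key flow described above. It keeps keys in a dict in place of tastypie's ApiKey model, validates the `Authorization: ApiKey <username>:<key>` header format that tastypie's ApiKeyAuthentication reads, and shows that rotating a leaked key leaves the user's site password untouched.

```python
import hmac
import secrets

# Constructed in-memory stand-in for tastypie's ApiKey model (one key per
# user). tastypie keeps the key itself in the database; so does this dict.
_api_keys = {}


def create_api_key(username):
    """Issue a fresh key for a user. tastypie does this from a post_save
    signal hook for new users and from a management command for existing
    ones; the key replaces the password on the wire for API calls."""
    key = secrets.token_hex(16)
    _api_keys[username] = key
    return key


def rotate_api_key(username):
    """Replace a compromised key. The user's site password is untouched,
    and the old key stops working immediately."""
    return create_api_key(username)


def authenticate(authorization_header):
    """Validate an 'Authorization: ApiKey <username>:<key>' header, the
    format tastypie's ApiKeyAuthentication reads. Returns the username on
    success, None otherwise (a Basic header is rejected outright)."""
    if not authorization_header:
        return None
    scheme, _, credentials = authorization_header.partition(" ")
    if scheme.lower() != "apikey":
        return None
    username, sep, key = credentials.partition(":")
    if not sep:
        return None
    stored = _api_keys.get(username)
    if stored is None:
        return None
    # Constant-time comparison so a timing side channel does not reveal
    # how much of a guessed key matched.
    if not hmac.compare_digest(stored.encode(), key.encode()):
        return None
    return username


def bigboard_view_context(username):
    """What the login-required bigboard page puts into its template
    context so the client JavaScript can send the key instead of the
    password (the 'global JavaScript variable' from the comment above)."""
    return {"username": username, "api_key": _api_keys[username]}
```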

jeffersonheard commented 12 years ago

Alright, then, I'm sold. I'll branch and try it out on a development branch. If it works, I'll merge it in with the mainline code.