`/auth/signin` will soon be retired

[lasconic]

The eng lead at Finary just announced on the community forum that /auth/signin will soon be retired in favor of a new system. I open this issue to gather information about the new system in place.

[lasconic]

The web UI now does a POST https://clerk.finary.com/v1/client/sign_ins?_clerk_js_version=4.67.0 with identifier and password in the payload.

Finary apparently uses https://clerk.com. There is a python SDK here : https://pypi.org/project/clerk-sdk-python/, not sure if it's needed or if it's maintained.

A wrong password -> HTTP error 422 and a json payload with error Right password -> HTTP 200, somehow we should get a token that we can use in the next API call.

Apparently the token is refreshed often. Not sure if we deal with it in this tool or we let it to the user. Maybe we can verify the token before each call ?

[lasconic]

The API doc : https://clerk.com/docs/reference/frontend-api/tag/Sign-Ins#operation/createSignIn

[lasconic]

Knowing all this, it's pretty simple to modify signin to POST https://clerk.finary.com/v1/client/sign_ins, get a token in the response and use it in the next call on /me for example. It works.

BUT, it's less easy to refresh the token without doing a signin again with the token expired. I'm working on it. Ideally, I would like the signin to be persist more than 20 seconds.

@MadeInPierre what do you think ? What are the requirements for finalynx ?

[lasconic]

refreshing the token now works. Next step 2FA...

[MadeInPierre]

Somehow the old login still works today without issues using finalynx. Deprecated but still active for some time maybe?

I'll look into updating finary_uapi and try your new solution. Thanks for the work!

[lasconic]

I'll release a new version (0.2.0) including this fix and the crowdfunding api soon

[lasconic]

Version 0.2.0 is out on Pypi and supports the new signin scheme only. Main difference, there is a call to clerk.com before any call to api.finary.com