Closed lbenedix closed 10 years ago
See the example configuration in the annotator store: https://github.com/openannotation/annotator-store/blob/master/annotator.cfg.example
You have to set AUTH_ON and AUTHZ_ON in the application config and then set up an Authenticator instance as g.auth and an authorizer function as g.authorize inside a flask before_request decorator.
See run.py for an example: https://github.com/openannotation/annotator-store/blob/36b647cbfee0bd3752ee2fd5e43205b89e935e36/run.py#L48
We should probably move this issue over to openannotation/annotator-store.
The API is very simple. You need to be able to generate a JWT as the response to a token route and validate that JWT when it's passed in the X-Annotator-Auth-Token header.
The documentation here shows you which fields should be in the JWT payload: http://docs.annotatorjs.org/en/latest/authentication.html
It may also make more sense for you to write your own store using Django.
On the master branch there has been some work by @Treora to make it less flask specific. If you're interested in contributing Django integration code, I could do the same for Pyramid, and we could work together to make annotator-store a bit more generic, if we think that's still a promising project moving forward.
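The token exchange described in the reply above, as an added example that is not annotator-store's code or part of the thread: the Django side issues a signed JWT from its token route, and the receiving side validates what arrives in X-Annotator-Auth-Token. The payload field names (consumerKey, userId, issuedAt, ttl) follow the linked Annotator authentication documentation; HS256, the key and secret values, and all function names are assumptions.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timedelta, timezone

CONSUMER_KEY = "example-consumer-key"        # constructed placeholder
CONSUMER_SECRET = b"example-shared-secret"   # constructed placeholder; keep out of source control

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def b64url_decode(data):
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

def issue_token(user_id, ttl=3600, now=None):
    """Body of the token route: call only for a user the Django app has logged in."""
    now = now or datetime.now(timezone.utc)
    header = {"typ": "JWT", "alg": "HS256"}
    payload = {"consumerKey": CONSUMER_KEY, "userId": user_id,
               "issuedAt": now.isoformat(), "ttl": ttl}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, payload)]
    signing_input = b".".join(parts)
    sig = hmac.new(CONSUMER_SECRET, signing_input, hashlib.sha256).digest()
    return (signing_input + b"." + b64url_encode(sig)).decode()

def validate_token(token, now=None):
    """Return the payload if the token is authentic and unexpired, else None."""
    now = now or datetime.now(timezone.utc)
    try:
        head_b64, body_b64, sig_b64 = token.encode().split(b".")
        header = json.loads(b64url_decode(head_b64))
        if header.get("alg") != "HS256":      # reject "none" and any other algorithm
            return None
        expected = hmac.new(CONSUMER_SECRET, head_b64 + b"." + body_b64,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        payload = json.loads(b64url_decode(body_b64))   # parsed only after the MAC checks out
        if payload["consumerKey"] != CONSUMER_KEY:
            return None
        issued = datetime.fromisoformat(payload["issuedAt"])
        if not issued <= now < issued + timedelta(seconds=payload["ttl"]):
            return None
        return payload
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
```

A request that arrives without the header, or with a token for which `validate_token` returns None, is the anonymous case the store's authorizer then has to refuse for writes.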
Can you tell me what I have to do to secure my annotator-store against everybody in the internets who guesses the URL annotator.foobar.com to store annotations on my server? We are developing an application with Django and run the flask-annotator-store as a separate process on the same machine.
Lukas