Add app name and version to the WRITE API fields

openfoodfacts / openfoodfacts-server

Open Food Facts database, API server and web interface - 🐪🦋 Perl, CSS and JS coders welcome 😊 For helping in Python, see Robotoff or taxonomy-editor

http://openfoodfacts.github.io/openfoodfacts-server/

GNU Affero General Public License v3.0

658 stars 388 forks source link

Add app name and version to the WRITE API fields #1206

Open aleene opened 6 years ago

aleene commented 6 years ago

What

-Add fields to the write api for the app client name and the app client version number. This should identify which app is submitting the data.

Consequently any app that misuses the api, can be blocked and the data can be repaired.

Part of

5523

hangy commented 6 years ago

I'd prefer a token based approach like OIDC #1204 where the app is based off the auth token that was issued for a specific app. That would make it more difficult to fake being another app (which might be used to get a competing app banned).

aleene commented 6 years ago

Does this also allow the user to sign in?

hangy commented 5 years ago

Does this also allow the user to sign in?

Sorry for the late reply! No, it would not. And I think my previous idea of integrating that with OIDC is not good. We could investigate using API keys from tools like Gravitee to identify API consumers. Adding additional edit metadata such as the client's version is probably a good idea anyways!

openfoodfacts / openfoodfacts-server

Add app name and version to the WRITE API fields #1206

What

Part of

5523