Closed maxux closed 2 years ago
maxux
commented
3 years ago This is now urgent since ItsYou Online will become unavailable anytime soon. In a first step, organization authentication will probably be dropped and use dedicated key for each repo.
maxux
commented
3 years ago Current playground.hub.grid.tf supports threefold connect token to do api calls.
There is an option to generate a token based on threefold connect app login. Hub generate a persistant token signed which contains threebot name. This token is signed using private key of the hub and is verified on each request to ensure key is issued by ourself.
https://playground.hub.grid.tf/token
This new implementation still use Authorization: bearer [token] like itsyou.online, no changes are required client side for any existing implementation. The new token can be used in parallel with old method. Token type is detected on the fly.
Current limitation: no organizations are possible using this token, each token needs to have it's own threefold login.
Dedicated issue for API authentication using 3bot, which is not possible yet (because of 3bot login features). When API is ready, we need to upgrade tools using it to support 3bot login.
This is next part of #26