Open tahpot opened 3 months ago
Currently the /connect and /sync endpoints expects the private key (or seed phrase) of an identity.
/connect
/sync
This was just for the PoC and is poor security practice. This needs to be upgraded to accept either one of:
access
Verida: Vault
See: https://www.npmjs.com/package/@node-oauth/express-oauth-server and https://www.npmjs.com/package/@node-oauth/oauth2-server
tahpot
commented
2 months ago tahpot
commented
2 months ago
Currently the
/connectand/syncendpoints expects the private key (or seed phrase) of an identity.This was just for the PoC and is poor security practice. This needs to be upgraded to accept either one of:
accesstoken for theVerida: Vaultcontext (Permits time limited read / write access)Verida: Vaultcontext (Permits permanent read / write access)