Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API Authentication Management #148

Open
thatarchguy opened this issue Jul 27, 2016 · 1 comment
Open

API Authentication Management #148

thatarchguy opened this issue Jul 27, 2016 · 1 comment
Milestone
v2.0.0

Comments

@thatarchguy
Copy link
Member

Let's figure out a way to implement API authentication properly. There are a few different ways to add it in.

HTTP Basic? Auth Header?

OAuth2? This seems to be what the industry is moving towards. It looks like the client would need a separate library to handle that.

https://developer.uber.com/docs/rides/getting-started
Their api is split. They use header + key for non-user tasks (getting fair estimates) and OAuth2 for user-required tasks (requesting a ride).

https://stripe.com/docs/api#intro
Their api uses HTTP Basic with an API key.

HTTP Basic would be the easiest to implement by far. We could have a management panel to have the users generate keys. We would hook into the app's @login_manager.user_loader to check for the key I believe.
@mprahl mprahl added this to the v2.0.0 milestone Jul 28, 2016
@mprahl
Copy link
Member

mprahl commented Nov 8, 2016

How about JWT for this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v2.0.0
Development

No branches or pull requests
2 participants
@thatarchguy @mprahl