-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EPIC: AUTH_API_KEY How to Run the App with a Single Environment Variable #42
Comments
The beauty of AES256 is that the person can create virtually infinite API keys for the same
So the person can use their dwyl app data from an unlimited number of places |
What are the desired fields for an API key schema/table?
Can you think of any other fields we might want to have for an API key? |
I freaking hate the totally unnecessary complexity that Phoenix Contexts introduces.
|
I think I'm going to store the keys as |
https://dwylauth.herokuapp.com/ https://dwylauth.herokuapp.com/profile https://dwylauth.herokuapp.com/profile/apikeys https://dwylauth.herokuapp.com/profile/apikeys/new
|
Next: UX #51 ✨ |
UX Complete. PR is reviewable! #43 |
As noted in the discussion in #34 ("How do we want to handle multiple applications using auth?"),
our objective is to let anyone connect to the App/API server or run the App on their
localhost
using a single environment variable:DWYL_API_KEY
DWYL_API_KEY
they can use for the App.DWYL_API_KEY
should be the encryptedperson.id
so we can easily check if a Key is valid simply by confirming that it decrypts into an integer. 💡auth_plug
should send the first portion of theDWYL_API_KEY
(corresponding to theclient_id
) to theauth_url
when a request fails. > Check for/ DWYL_API_KEY before AUTH_API_KEY auth_plug#14decrypt_decode
theclient_id
and then lookup inapikeys
Extract client_id from HTTP referer #55The text was updated successfully, but these errors were encountered: