In order to ensure that not everyone can read and increment the value of the counter:
As admin, I want API users to have to send some key/password to authenticate.
I also need to be able to configure who can do what and have the ability to revoke access, and to treat user 1 (admin) differently from other users.
Counter-related actions require an API key or access token
  There should be a scope for reading.
  Just because I can read doesn't mean I can increment.
  Authenticate individual counters:
  ability to set the display to public but only allow incrementing with a password/API key.
Auth-related actions
  Change admin password
  Register generated API key (representing a user)
  Reset API key (which is authenticating a user)
  Revoke API key (representing a user)
  Reset access token (for a specific resource and client)
  Create access token (for a specific resource and client)
Counter password considerations: if the counter can be configured individually as public or to require a password/API key to access, what would that mean for locking and other actions?
Counter routes authentication using OAuth 2
  API keys and scopes will be maintained in DB tables.
  Keys are our closest approximation to users.
  Scopes represent permissions/roles.
  We may also maintain access tokens that can be created by users so they can keep their API key protected.
Admin UI routes authentication
  Add a route I can query, if I know the Adminsupersecret, to get an adminToken.
  The adminToken will be required to be passed via header, cookie or query string in order to access admin paths.
[[http://www.appelsiini.net/projects/slim-jwt-auth]]
Adjust Swagger auth definitions
[[https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md]]
[[https://github.com/swagger-api/swagger-ui/issues/2397]] (Implement OAuth2 password flow)
[[https://github.com/swagger-api/swagger-ui/issues/818#issuecomment-228700751]] (How to integrate with JWT based authentication?)
[[https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-scheme-object-example]]
[[http://apihandyman.io/writing-openapi-swagger-specification-tutorial-part-6-defining-security/]]
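The following is an added example, not code from this issue or from the project: an in-memory model of the design sketched above, with the three "tables" (API keys as users, user 1 as admin; scopes as permissions; access tokens derived from a key and bound to one resource and client), per-counter public-read, and revocation that cascades from a key to its tokens. Scope strings, method names, the `<id>:<secret>` credential format and all sample data are constructed assumptions. Credentials are passed in as plain strings; how they travel (header vs cookie vs query string) is left out of the model.

```python
"""Added example, not the project's code: in-memory model of the auth design in this issue.
Tables: api_keys (keys ~ users, user "1" = admin), access_tokens (minted from a key, bound to
one resource and client), counters (per-counter public-read flag). All names are assumptions."""
import hashlib, hmac, secrets

READ, INCREMENT, ADMIN = "counter:read", "counter:increment", "admin"

class Forbidden(Exception):
    pass

def _digest(s):
    return hashlib.sha256(s.encode()).hexdigest()  # only digests are stored, never plaintext

def _fresh(prefix):
    secret = secrets.token_urlsafe(32)
    return _digest(secret), f"{prefix}:{secret}"   # (digest for the table, one-time plaintext)

class CounterService:
    def __init__(self, admin_supersecret):
        # key_id -> {hash, scopes, revoked}; user "1" is the admin, authenticated by the super secret
        self.api_keys = {"1": {"hash": _digest(admin_supersecret), "scopes": {ADMIN}, "revoked": False}}
        self.access_tokens = {}  # token_id -> {hash, key_id, resource, scopes}
        self.counters = {}       # name -> {value, public_read}

    def _resolve(self, credential):
        """credential is '<id>:<secret>'; returns (key_id, scopes, bound_resource)."""
        ident, _, secret = (credential or "").partition(":")
        if ident in self.api_keys:
            rec, key_id, resource = self.api_keys[ident], ident, None
        elif ident in self.access_tokens:
            rec = self.access_tokens[ident]
            key_id, resource = rec["key_id"], rec["resource"]
        else:
            raise Forbidden("unknown credential")
        # constant-time compare; revoking a key also kills every token minted from it
        if self.api_keys[key_id]["revoked"] or not hmac.compare_digest(rec["hash"], _digest(secret)):
            raise Forbidden("invalid or revoked credential")
        return key_id, rec["scopes"], resource

    def _authorize(self, credential, needed, counter="*"):
        _, scopes, resource = self._resolve(credential)
        if resource not in (None, "*", counter):
            raise Forbidden("token is bound to another counter")
        if ADMIN not in scopes and needed not in scopes:
            raise Forbidden(f"missing scope {needed}")

    # auth-related actions
    def register_api_key(self, admin_cred, key_id, scopes):
        self._authorize(admin_cred, ADMIN)
        h, plaintext = _fresh(key_id)
        self.api_keys[key_id] = {"hash": h, "scopes": set(scopes), "revoked": False}
        return plaintext
    def revoke_api_key(self, admin_cred, key_id):
        self._authorize(admin_cred, ADMIN)
        self.api_keys[key_id]["revoked"] = True
    def create_access_token(self, api_key, resource, client, scopes):
        key_id, key_scopes, bound = self._resolve(api_key)
        if bound is not None or not set(scopes) <= key_scopes:
            raise Forbidden("tokens are minted from a key and cannot exceed its scopes")
        token_id = f"{key_id}/{resource}/{client}"   # creating again for the same triple = reset
        h, plaintext = _fresh(token_id)
        self.access_tokens[token_id] = {"hash": h, "key_id": key_id, "resource": resource, "scopes": set(scopes)}
        return plaintext

    # counter-related actions
    def create_counter(self, admin_cred, name, public_read=False):
        self._authorize(admin_cred, ADMIN)
        self.counters[name] = {"value": 0, "public_read": public_read}
    def read(self, name, credential=None):
        if not self.counters[name]["public_read"]:   # public display needs no credential...
            self._authorize(credential, READ, name)
        return self.counters[name]["value"]
    def increment(self, name, credential):
        self._authorize(credential, INCREMENT, name)  # ...but incrementing always does
        self.counters[name]["value"] += 1
        return self.counters[name]["value"]

def _outcome(action):
    try:
        action()
        return "allowed"
    except Forbidden:
        return "denied"

def demo():
    svc = CounterService("constructed-super-secret")   # constructed sample data throughout
    # the "adminToken" route: knowing the super secret yields an admin-scoped token
    admin = svc.create_access_token("1:constructed-super-secret", "*", "admin-ui", [ADMIN])
    svc.create_counter(admin, "hits", public_read=True)
    svc.create_counter(admin, "private")
    alice = svc.register_api_key(admin, "alice", [READ, INCREMENT])
    widget = svc.create_access_token(alice, "hits", "widget", [INCREMENT])
    viewer = svc.create_access_token(alice, "private", "dashboard", [READ])
    out = {"anon_public_read": svc.read("hits"),                                       # 0
           "widget_increment": svc.increment("hits", widget),                          # 1
           "viewer_read": svc.read("private", viewer),                                 # 0
           "anon_private_read": _outcome(lambda: svc.read("private")),                 # denied
           "viewer_increment": _outcome(lambda: svc.increment("private", viewer)),     # denied: read != increment
           "widget_other_counter": _outcome(lambda: svc.increment("private", widget)), # denied: bound to "hits"
           "token_escalation": _outcome(lambda: svc.create_access_token(alice, "hits", "x", [ADMIN]))}
    svc.revoke_api_key(admin, "alice")
    out["widget_after_revoke"] = _outcome(lambda: svc.increment("hits", widget))     # denied
    return out
```

Two points worth carrying into the real implementation: tokens can only narrow a key's scopes, never widen them (so a leaked widget token cannot become an increment-anything credential), and revocation is checked on the parent key at every request, so revoking user "alice" immediately invalidates every token she minted. On transport, prefer the header over the query string for the adminToken: query strings end up in access logs, proxies and Referer headers.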