Skip to content

Add API Token auth #884

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Dec 14, 2019
Merged

Add API Token auth #884

merged 10 commits into from
Dec 14, 2019

Conversation

connorshea
Copy link
Owner

@connorshea connorshea commented Dec 11, 2019
edited
Loading

Fixes #883.

This adds support for authenticating using API Tokens. This will simplify the process of interacting with the API since you'll no longer need to use an OAuth application.

image

This implementation isn't perfect. For one, the tokens are stored unencrypted in the database, which I don't like. And the simple_token_authentication gem creates tokens even if the user doesn't need one, which is also annoying. I might replace this with a self-made implementation in the future since the gem is pretty simple already, but I don't think these problems are quite bad enough to warrant not shipping this as-is.

@connorshea connorshea added enhancement New feature or request api GraphQL API-related issues and PRs labels Dec 11, 2019
@connorshea
Try to add simple token authentication gem.
8c01e5d
@connorshea
Enable token authentication to be used instead of OAuth.
ec78f53 
If the user sends an Authorization header, the OAuth checks
are run. Otherwise, authenticate with a token. If the token
is invalid, the simple token authentication gem will raise and halt
the request. This should be Perfectly Secure™.
@connorshea
Add Reset Token and View Token buttons in Settings.
18372d8 
Add an endpoint for resetting the user's authentication token.
Add an endpoint for displaying the API token to the user.
@connorshea
Update API.md with API token-related instructions.
07e2a2f
@connorshea
Update routes.rbi.
4745513
@connorshea
Add some settings request tests and fix some other tests.
356eafb 
Still not sure why the GraphQL request spec is failing.
@connorshea
Add test for GraphQL request that uses an
9b35801 
authentication token.
@connorshea
Update the user and settings policy specs.
0676c7f
@connorshea
Update sorbet type defs.
1e81b37
@connorshea connorshea marked this pull request as ready for review December 14, 2019 01:24
@connorshea connorshea merged commit f78d8f4 into master Dec 14, 2019
@connorshea connorshea deleted the simple-token-auth branch December 14, 2019 01:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
api GraphQL API-related issues and PRs enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add API Tokens
1 participant
@connorshea