Tokens are not persistent #2973

Closed
TecMunky opened this issue Oct 22, 2017 · 6 comments
Comments

@TecMunky

When I create an access token to give to another person (or doctor) - the link is only good for viewing the real time data. When pulling down the menu and selecting "Reports" I get a request to enter the API Secret. This is OK for someone who is just following and has no need to review reports. But for my care team I need to send them a link that allows them to view reports. Right now I edit the link with the access token so that the new link takes them directly to the reports page (adding "reports" before the access token) - and this works. But for the technically challenged, it would be advisable to have a convenient method of either creating the tokenized reports link, or to have the "Reports" menu item send any token received to the new page.

@sulkaharo
Member

Hi! The tokens should persist so not sure what the issue is. Do you have access on the computer to see if there's an issue with the browser on persisting it? (I've seen machines in clinical & school settings that force-wipe all persisted information in browsers, so wonder if it's one of these.)

@TecMunky
Author

TecMunky commented Oct 22, 2017 via email

@sulkaharo
Member

Ah right, so you'd like a feature whereby loading a page on your Nightscout with an authentication token would behave the same as if the token was entered by the user into the UI, so the token is persisted without entering it; is this correct?

@TecMunky
Author

TecMunky commented Oct 22, 2017 via email

@guydavies

guydavies commented Aug 21, 2019

Wow... I just came across this issue too. I understand how to work around it but I was trying to work out how to make autotune web use token based auth. I have a token for autotune that has admin rights (so that it can look at the profiles) but when you go into the main page with the autotune token, that token isn't maintained when you go into the Profiles editor. It's the bare URL/profiles/ without the token. If I manually insert the token at the end, it works fine without the extra API key. But that isn't functional for other systems. I have a strong suspicion that this is the issue that prevents many other systems from working with token-based auth. It would be great if it were possible to have tokens persist into the next level of functionality.

I'm using 0.12.3.

@LiroyvH

LiroyvH commented Sep 18, 2019

Yep, similar issue here. It not being persistent is a problem, especially as they can't enter their token into the authentication window either, as that only accepts the API_SECRET. So you have to explain to them to modify the reports URL and add ?token= or create another short URL. This doesn't make much sense to me at all and it's not exactly intuitive.

I'd much rather see the API_SECRET being used for linking your device (eg: Spike, xDrip, whatever) and then have user/password authentication to the data hehe. Or the token, but then they have to be able to enter and store the token somewhere so that it's persistent. At the very very least, if the token is entered it should be persistent for at least the Reports function.
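
The manual workaround described in the comments above (adding the token to the Reports or Profiles URL by hand), as an added example that is not part of the original thread and not Nightscout's own code: a helper that carries a `token` query parameter onto same-site links only. The function names, host name, paths and token value are constructed assumptions.

```javascript
// Added example (not Nightscout code). Carries the ?token= parameter from the
// page the user is on to a link they are about to follow, but only when the
// link stays on the same origin, so the token is never appended to an
// off-site URL.

function carryToken(currentHref, targetHref) {
  const current = new URL(currentHref);
  const token = current.searchParams.get('token');
  // Resolve relative links ("/reports", "profiles/") against the current page.
  const target = new URL(targetHref, current);

  // Nothing to carry if the page was opened without a token.
  if (!token) return target.href;

  // Different scheme, host or port (including mailto: and similar, whose
  // origin is "null"): leave the link untouched.
  if (target.origin !== current.origin) return target.href;

  // Keep a token that is already present on the link.
  if (!target.searchParams.has('token')) {
    target.searchParams.set('token', token);
  }
  return target.href;
}

// Apply carryToken to a list of hrefs, e.g. the menu entries of a page.
function carryTokenAll(currentHref, hrefs) {
  return hrefs.map((href) => carryToken(currentHref, href));
}

// Constructed sample input: a tokenized link as sent to a care team member.
const SAMPLE_PAGE = 'https://ns.example.org/?token=careteam-0123456789abcdef';
const SAMPLE_MENU = ['/reports', 'profiles/', 'https://other.example.com/help'];

// In a browser this could be wired to the page's own links:
//   for (const a of document.querySelectorAll('a[href]')) {
//     a.href = carryToken(window.location.href, a.getAttribute('href'));
//   }
```
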
