Auth integration flows #18
Comments
Sounds good. Just need to make sure we add details regarding limits/remaining credits in the UI to make it clear it's using the personal account.
For clarity, I think you mean API key, not token as above. But sounds good, we add a slash command to register a pre-created API key and any user can do it. Plus of course a command to list remaining credits.
What is memory? You mean a Redis cache. Sounds like too many steps for little benefit
They are the same thing, and we call them tokens. What do you think would be an API key vs a token?
No, just a local TTL cache.
Token is a temp key issued automatically after authentication. It's not user-generated or manageable or visible in the UI. API keys are persistent and managed by the user.
I'm confused, cached where and by who?
Ok, to clarify, we're calling both of these "tokens" (same as GitHub's "personal access tokens") and there's no technical difference between them, other than the system ones have a flag to not be visible in the UI.
Cached by the API in its memory. But that part is relevant mostly only for @alexey-yarmosh anyway.
We are generating these hidden tokens because they will be used to query data from another system, not directus?
@alexey-yarmosh we're talking about tokens for our APIs, e.g., when you are logged in on the web, this tool should make requests under your account. So the idea is the front-end asks for a token in the background (user doesn't have to generate and paste it) and for GP API it's a request with a token like any other (once we add support for them).
Can you expand on that? Does it mean that in a few years our DB will be full of useless one-time tokens?
The expired (system) ones will be deleted periodically. That's something we'd have to do regardless.
We have the basic tokens functionality, but it hasn't been integrated into any of the services and clients. I'll describe the flows I expect to use in each integration, and if we agree it's all good, I'll then create the issues in the affected repos.
jsDelivr Purge / Globalping homepage GUI app
We'll configure Directus to set its cookies for jsdelivr.com so that any subdomain can read them. Then, we'll be able to detect if the user is logged in to the dashboard from the website and perform any API calls. This way, our front-end code on the website can request a token for the specific API and use it without the user having to do anything. Tokens created this way will have a special flag in the DB and will not be visible in the user's dashboard. For security reasons, they also have a short TTL (1 day). This doesn't impact the UX in any way since the UI can always request a new token in the background as long as the user is signed in to the dashboard (and prompt to sign in if not).
Globalping CLI
A token must be created and added manually, probably either set via an env var or a config file. A new command can also be added that:
https://dashboard.jsdelivr.com/tokens/new/?name=Globalping%20CLI....
which brings the user to the correct page with values pre-filled. Of course, if the user already has a token, they skip step 1 and simply paste it.
Globalping Discord / Slack
A token must be created and added manually via a new command. It is then stored for that app installation in our DB. The flow can be similar to the CLI, or we can optionally not provide the link here (step 1) if we don't want it to be "too easy" as we previously discussed.
jsDelivr Purge / Globalping API
Requirements:
Suggestion:
Note that this applies only to requests not using credits. If the user exceeds their time-based request quota and has credits, that'll be handled separately in a subsequent step.