diff options
author | Lars Wirzenius <liw@liw.fi> | 2018-09-18 13:44:44 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-09-18 13:44:44 +0300 |
commit | 6907f0d0a086649f86b547a224ab43fda090a004 (patch) | |
tree | f465fe020ef28c004e306e0daa0799f23d9a6808 | |
parent | 80291cc6f4b59e68a6c781b85accbbb5de18e2e2 (diff) | |
download | ick.liw.fi-6907f0d0a086649f86b547a224ab43fda090a004.tar.gz |
Publish log entry
-rw-r--r-- | blog/2018/09/18/qvisqve_api_tokens_a_design.mdwn | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/blog/2018/09/18/qvisqve_api_tokens_a_design.mdwn b/blog/2018/09/18/qvisqve_api_tokens_a_design.mdwn new file mode 100644 index 0000000..fc62f5a --- /dev/null +++ b/blog/2018/09/18/qvisqve_api_tokens_a_design.mdwn @@ -0,0 +1,50 @@ +[[!meta title="Qvisqve API tokens: a design"]] +[[!tag consensus-decision design qvisqve]] +[[!meta date="2018-09-18 13:25"]] + +Continuing [[previous +musings|/blog/2018/09/14/api_tokens_for_qvisqve]] on API tokens. +Discussed this briefly with Daniel on IRC, and we came to the decision +that going for the approach of using standard client credentials is +the better way over inventing a non-standard API token format and +protocol for using them. + +Thus the approach is as follows: + +* User logs into web application to create a new API client. User + gives them a name, which gets prefixed by their username. Thus, if + user "igor" creates a client called "slab", the actual client id is + "igor/slab". Qvisqve creates the client, and shows the user the + client id and client secret. The secret is generated by Qvisqve. + + The client id prefix is there to make it easier to see whose client + it is. + + The client gets given a list of allowed scopes. This is a subset of + the ones the user has at the time of client creation. The user may + choose to allow only some of the scopes for the client. + + The client gets an attribute "sub", which gets assigned a value + identifying the user who created the client. + +* The Qvsiqve API for creating clients also sets the sub attribute + from the token. (The web application uses the same API endpoint.) + +* An API client with a suitable scope gets to set or remove the sub + field of a client it creates or updates. + +* When a client requests an access token use OAuth2 client + credentials, the token's sub field is set according to the client's + sub attribute, if it is set. + + An access token will have scopes that are the intersection of scopes + the client requested, that the client is allowed to get, and the + user is allowed to get, at the time of the token being granted. + +* Qvisqve will eventually allow users to manage their own + applications: remove the client, reset the client secret (Qvisqve + generates and sets a new one), add and remove scopes (from the set + of scopes the client has). + +* Also eventually, Qvisqve will add groups, but that's not relevant + yet. |