#4633 Supplement oauth with simple api keys


Oauth is complicated for end-users, and simple API keys would be easier. A few features to think about:

  • security - builtin to oauth, not needed if traffic is on HTTPS
  • separate keys per app - a "simple" key approach should still allow multiple keys per account. Let users give them names, create more keys, and revoke keys.

Are there any other features that oauth does provide?


  • Kyle Adams

    Kyle Adams - 2012-08-01

    Note that the user story driving this ticket is: "As a project admin, I need an easy, scriptable way to create new project releases." We already have a RESTful API wrapped around updating a file's metadata, but you need to be authenticated to use it.

    To be clear, I don't want to replace OAuth support in Allura. I'd just like a token in addition to OAuth.

    OAuth seems to work great when you have two websites talking back and forth and they can obscure the complexities of the exchange from the end user. On the other hand, when the end user (i.e., project admin) has to interact with Allura's API, a simple key or token would be much easier.

    I don't think we need separate keys per app if we implement a token alongside OAuth. More complicated use cases (i.e., apps) can use OAuth.

  • Kyle Adams

    Kyle Adams - 2012-08-06
    • status: open --> in-progress
    • assigned_to: Kyle Adams ♞
    • milestone: forge-backlog --> forge-aug-10
  • Dave Brondsema

    Dave Brondsema - 2012-08-09
    • milestone: forge-aug-10 --> dir-aug-10
  • Kyle Adams

    Kyle Adams - 2012-08-20
    • summary: Replace oauth with simple api keys --> Supplement oauth with simple api keys
  • Kyle Adams

    Kyle Adams - 2012-08-22
    • status: in-progress --> open
    • assigned_to: Kyle Adams ♞ --> nobody
    • milestone: dir-aug-24 --> forge-backlog
  • Chris Tsai - 2013-04-26
    • labels: --> allura-api
  • Cory Johns

    Cory Johns - 2013-09-26

    I'm implementing bearer tokens in [#6692]



    Tickets: #6692

  • Dave Brondsema

    Dave Brondsema - 2013-10-31
    • status: open --> closed
    • Milestone: forge-backlog --> forge-nov-01

Log in to post a comment.