#771 Standardize REST API

v1.0.0
closed
Rick Copeland
sf-4 (350)
General
nobody
2015-08-20
2010-07-29
Rick Copeland
No

Using our api is more complicated than necessary. Use OAuth 1.0a to do authentication rather than our hand-rolled stuff.

Discussion

  • Mark Ramm - 2010-09-20

    Or should we rely on SSL and do something more oauth like instead?

     

  • Rick Copeland - 2010-11-30

    We should actually port to oauth to be more standard. Oauth 1.0a has an option to rsa-sign requests so we should be ok for pubkey encryption there.

     

  • Rick Copeland - 2010-11-30
    • summary: Use public key digital signatures in REST API rather than shared secret key --> Standardize REST API
     

  • Rick Copeland - 2010-12-10

    description has changed

     

  • Rick Copeland - 2010-12-10

    If we'd like to use rsa signatures, we can grab the public keys from alexandria:

    select * from user_auth_keys where username='foo';
     

  • Rick Copeland - 2010-12-10
    • status: open --> in-progress
    • assigned_to: Rick Copéland
    • custom_field__milestone: backlog --> dec-13
     

  • Rick Copeland - 2010-12-11
    • status: in-progress --> code-review
     

  • Rick Copeland - 2010-12-14
    • status: code-review --> closed
     

Log in to post a comment.