Task #1837
User Story #1897: API endpoints to add new cases
API: Possibility to authenticate through the API
Added by Kurt Gerber almost 6 years ago. Updated over 4 years ago.
Start date:
14 Dec 2018
Due date:
% Done:
0%
Estimated time:
Resolution:
Files
API_Authentication_proposal_Guhan_2019Dec10.pdf (172 KB) | Brahadeesh Dheenadayalan_Sivakami, 14 Dec 2019 00:51
Updated by Kurt Gerber about 5 years ago
- Tracker changed from User Story to Task
- Parent task set to #1897
Updated by Kurt Gerber about 5 years ago
- Assignee set to Brahadeesh Dheenadayalan_Sivakami
- Priority changed from Normal to High
Updated by Brahadeesh Dheenadayalan_Sivakami about 5 years ago
- Status changed from Accepted to Feedback
- Assignee changed from Brahadeesh Dheenadayalan_Sivakami to Kurt Gerber
Hi Kurt,
After discussion with Kevin, here is a proposed authentication mechanism for allowing users to create cases, upload images and edit cases.
This is very non-standard and maybe insecure.
- Use the existing API Token for Primary authentication in all cases.
- Create a Secondary authentication table, as follows:
  - One to one relationship to the Registered UserID
  - 3 fields --> 'UserID', 'APPToken' & 'time_stamp'
- When a user with the header 'User-Agent: app' sends a request <to create a case, upload images or edit cases>*
  - Authenticate with the API Token to ensure user has access to API.
  - Check if the Authenticated User has an 'unexpired' APP Token <a time limit is used to designate stale/fresh APP Tokens>
    - No APP Token, Create the token and serve response + new APP Token <initial handshake>
    - Unexpired APP Token, accept the request, refresh the token time stamp and serve the response
    - Expired APP Token, refresh the token and serve the response + new APP Token
    - Incorrect APP Token, respond as invalid <potential issue here on what to do with works in progress for the user>
Looking ahead to the discussion and feedback.
Thanks,
Guhan
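The APP Token decision flow from the comment above, as an added Python example (not code from this project or from the attached proposal). Assumptions: the `SecondaryAuth` class and its status strings are hypothetical, an in-memory dict stands in for the secondary table, the 15-minute limit is a placeholder for the unspecified time limit, tokens come from `secrets.token_urlsafe`, and a stale row is replaced without comparing the presented token.

```python
import hmac
import secrets
import time

APP_TOKEN_TTL = 15 * 60  # seconds; assumed, the proposal only says "a time limit"


class SecondaryAuth:
    """Hypothetical stand-in for the secondary table (UserID, APPToken, time_stamp)."""

    def __init__(self, ttl=APP_TOKEN_TTL, clock=time.time):
        self.rows = {}      # user_id -> {"app_token", "time_stamp"}, one row per user
        self.ttl = ttl
        self.clock = clock  # injectable so expiry can be exercised without sleeping

    def _issue(self, user_id):
        # Unpredictable token from the OS CSPRNG (assumed generation method).
        token = secrets.token_urlsafe(32)
        self.rows[user_id] = {"app_token": token, "time_stamp": self.clock()}
        return token

    def check(self, user_id, presented):
        """Run only after the API Token (primary auth) has identified user_id.

        Returns (status, new_app_token_or_None).
        """
        row = self.rows.get(user_id)
        now = self.clock()
        if row is None:
            # No APP Token yet: initial handshake.
            return "issued", self._issue(user_id)
        if now - row["time_stamp"] > self.ttl:
            # Expired: assumption, the stale row is replaced whatever was presented.
            return "rotated", self._issue(user_id)
        if presented is None or not hmac.compare_digest(
            presented.encode(), row["app_token"].encode()
        ):
            # Incorrect: reject and leave the stored row untouched.
            return "invalid", None
        # Unexpired and matching: accept and refresh the time stamp (sliding expiry).
        row["time_stamp"] = now
        return "accepted", None
```

Under these assumptions the expired branch hands out a fresh APP Token on the strength of the API Token alone, so the ordering of the "expired" and "incorrect" checks decides how much the second token adds.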
Updated by Kurt Gerber almost 5 years ago
- Assignee changed from Kurt Gerber to Brahadeesh Dheenadayalan_Sivakami
Could you try to document here what we have discussed concerning the authentication?
Updated by Brahadeesh Dheenadayalan_Sivakami almost 5 years ago
- File API_Authentication_proposal_Guhan_2019Dec10.pdf added
- Assignee changed from Brahadeesh Dheenadayalan_Sivakami to Kurt Gerber
Hi Kurt,
Apologies for the delay in getting this out.
Please find attached the description of the proposed solution based on our discussion from 3 weeks back.
Thanks,
Guhan