Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalidate user apiKey? #510

Closed
jjoseba opened this issue Feb 10, 2016 · 1 comment
Closed

Invalidate user apiKey? #510

jjoseba opened this issue Feb 10, 2016 · 1 comment
Labels
bug Medium priority
Milestone
May 2016

Comments

@jjoseba
Copy link
Member

jjoseba commented Feb 10, 2016
edited by alexlittle

With the current approach of login users locally, there can be an scenario as following:

  1. User logs in the app, and her username/apiKey gets stored in the device
  2. The apiKey gets invalidated by some reason
  3. The user cannot longer communicate with the API, as it will return always 401 responses

To solve this, the app could invalidate an apiKey once it gets an Auth error from the server, so the user has to login again and get a new apiKey.
@alexlittle
Copy link
Member

Thanks - yes that seems to be a good approach.

@alexlittle alexlittle added this to the May 2016 milestone Mar 1, 2016
jjoseba added a commit to jjoseba/oppia-mobile-android that referenced this issue May 9, 2016
@jjoseba
DigitalCampus#510: Added basic classes squeleton for the invalidation…
566bc16 
… process
jjoseba added a commit to jjoseba/oppia-mobile-android that referenced this issue May 9, 2016
@jjoseba
DigitalCampus#510: Implemented methods to validate and invalidate apiKey
1de05ac
jjoseba added a commit to jjoseba/oppia-mobile-android that referenced this issue May 9, 2016
@jjoseba
DigitalCampus#510: Added the logic to logout the user once the apiKey…
5d906f2 
… has been invalidated
jjoseba added a commit to jjoseba/oppia-mobile-android that referenced this issue May 10, 2016
@jjoseba
DigitalCampus#510: Added apiKey logic in every place we make requests…
678ca83 
… to the server
jjoseba added a commit to jjoseba/oppia-mobile-android that referenced this issue May 10, 2016
@jjoseba
DigitalCampus#510: Login against server when the user's apiKey has be…
08a1663 
…en invalidated
@jjoseba jjoseba mentioned this issue May 10, 2016
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Medium priority
Projects
None yet
Milestone
May 2016
Development

No branches or pull requests
2 participants
@alexlittle @jjoseba