Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Add ui for managing api clients #888
Wow, this has been a long awaited feature, great idea.
Before I actually review the code, here's a little questionnaire to help you make sure every concern is accounted for:
Feel free to dismiss some of these concerns as suitable for a followup, but just want to makesure everything is accounted for.
Thanks @casperisfine ! Appreciate you prompting the discussion
Good question, I thought about this and I believe a global list is better, since it makes it easier for collaboration or helping someone out (e.g. they are missing a permission on an existing key that one of their app is using). A filter or search functionality here could be pretty useful though
I agree on the reveal button. I was thinking about adding that along with some auditing as well as a followup. Both for viewing the key, and also for when the key was last used.
I was thinking about adding a
Yeah that's a good point, I can probably patch that into this PR
Not exactly the same effect. If you revoke / unrevoke you are making an existing token unusable.
Regenerating mean getting a new, valid token, while revoking the old one.
So basically for shipit it would mean creating a new record, will all identical attributes (except
Ahh I see what you mean. I feel like we don't need a specific regenerate feature.
The case I'm thinking of in my head is if a key needs to be rotated. In most key rotation cases, both keys need to be supported for a period of time anyways. So for a regeneration of key 1, key 2 needs to be created first, app moves to use key 2, and then key 1 is deleted, which lends itself better to a manual process.