New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal for /v2/tokeninfo #27
Proposal for /v2/tokeninfo #27
Conversation
Ah, the name field is a good idea. My current implementation just provides {
"permissions" : ["account", "characters", "guilds"]
} I'll see if I can get the name in there too. I also put it at Was hoping to deploy this endpoint sometime this week, but it's already Wednesday 😢 |
I updated the PR.
Do you want it called |
Just deploy it on Friday at 5pm, it's probably fine |
I'd prefer permissions; I think the term is more user-accessible.
I can't be that guy all the time. Shooting for next week. |
Sounds good to me. |
How about changing it slightly to make API keys be somewhat a bit more resilient to evil actors trying to re-use stolen tokens? For that API Key + tokeninfo should:
This would allow applications to be a bit more certain about the owner of the keys. The reason for application / destination field versus "Name" user gives the token is that user might provide something sensitive there under impression that name is private. So "Application" could be useful. API Key creation time probably can be exposed as-is :) If the problem of presenting someone else's key is not that critical, please disregard this comment |
This is now live 👍 @lye I added the |
@darthmaim if you want to I'm ok w/ that, though I think doing it on-demand sounds like the easier path going forward. |
But having all the endpoints already defined in the repository makes it easier to spot the changes made in a PR. I think I will just make the PR to add all existing endpoints and we can discuss it there if you want. Thanks for merging :) |
Ah yeah, thanks for taking care of that guys. I added the |
This PR adds a simple
/v2/tokeninfo
endpoint that returns information about the API key.The
name
of the API key is useful for displaying it in the apps settings, so the users knows which key the app is using.The
scopes
array is just a simple list of all granted scopes.