You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Best would be to have a real OAuth2 workflow or something similar.
Another idea would be to have a page for the generation of a specific token, apps can link to. Also, apps should specify, which token they want and not let the user search for the correct one. (Like https://travelynx.de/account/api/travel for the travel API.)
Also, if we are using fixed prefixes, could not we also use an additional prefix or so for differentiating between the different prefixes/use cases?
Also, like GitHub tokens, if you really want to allow secret scanning with them, you may also make them more humanreadable, like TRAVLYX-travel-tokenhere.
The text was updated successfully, but these errors were encountered:
As an API consumer, I much prefer not dealing with the conceptual and implementation overhead of OAuth. But I agree that the UI for creating and revoking tokens could definitely use some polishing and perhaps less technical explanations. For my project interfacing with traxelynx I've written some user guidance with a screenshot that looks like this, maybe something in that direction would be helpful for träwelldroid too in the meantime?
I'm not 100% happy with the current API myself, so I might look into improving it at some point. That may or may not include OAuth2 support in addition to the current token system. We'll see :)
See Traewelldroid/traewelldroid#334 for backstory.
Ideas
Also:
TRAVLYX-travel-tokenhere
.The text was updated successfully, but these errors were encountered: