Allow API to be accessed with master key #205

Open
tobscure opened this Issue Jul 30, 2015 · 5 comments

Comments

Projects
None yet
6 participants
@tobscure
Member

tobscure commented Jul 30, 2015

So that you can interact with the API freely on the server side.

e.g. if you want a new topic to be created for every new blog post, you generate a master key and stick it into a Flarum WordPress plugin.

A master key should allow performing actions with any user account, without the need to authenticate with a username/password. We should allow generation/revocation of multiple master keys.

What needs to be done:

  • Create a table (api_keys) to store the keys in. They don't expire.
  • Add an API endpoint to generate a new key, as well as one to delete an existing one.
  • Add an admin interface to manage the keys. This can probably live as a sub-interface in an AdvancedPage, along with other stuff we'll add later.
  • Alter the LoginWithHeader middleware to check for a master key (still need to work out how exactly it should be passed) as well as the ID of a user to log in as.
@GrindamN

This comment has been minimized.

Show comment
Hide comment
@GrindamN

GrindamN Jul 30, 2015

Regarding WordPress integration a quick question. Will it be possible to use flarum for comments? (e.g. Vanilla offers this option when you WP website)

Regarding WordPress integration a quick question. Will it be possible to use flarum for comments? (e.g. Vanilla offers this option when you WP website)

@tobscure

This comment has been minimized.

Show comment
Hide comment
@tobscure

tobscure Aug 8, 2015

Member

It's on the roadmap, yes

Member

tobscure commented Aug 8, 2015

It's on the roadmap, yes

@tobscure tobscure referenced this issue Aug 28, 2015

Closed

v0.1.0 roadmap (old) #74

19 of 53 tasks complete

@tobscure tobscure added the Feature label Aug 28, 2015

@tobscure tobscure added this to the 0.1.0-beta.3 milestone Sep 4, 2015

tobscure added a commit that referenced this issue Sep 6, 2015

@justjavac justjavac referenced this issue in justjavac/Flarum Sep 7, 2015

Open

Flarum v0.1.0 开发路线图 #3

18 of 53 tasks complete

@tobscure tobscure modified the milestones: 0.1.0-beta.4, 0.1.0-beta.3 Oct 14, 2015

@tobscure tobscure modified the milestones: 0.1.0-beta.6, 0.1.0-beta.5 Jan 7, 2016

@franzliedke franzliedke modified the milestone: 0.1.0-beta.6 Jan 7, 2016

@barillax

This comment has been minimized.

Show comment
Hide comment
@barillax

barillax Apr 3, 2016

Looking forward to this one! Been planning to integrate Flarum into our platform once there's a safe way to synchronize user accounts via the API, i.e.: not directly modifying the Flarum DB behind the scenes.

barillax commented Apr 3, 2016

Looking forward to this one! Been planning to integrate Flarum into our platform once there's a safe way to synchronize user accounts via the API, i.e.: not directly modifying the Flarum DB behind the scenes.

@tobscure tobscure modified the milestones: 0.1.0-beta.7, 0.1.0-beta.6 Aug 23, 2016

@pwFoo

This comment has been minimized.

Show comment
Hide comment
@pwFoo

pwFoo Sep 2, 2016

Master api token would be great for administrative usage. Create topics based on blog entries or user content (with user as author).

pwFoo commented Sep 2, 2016

Master api token would be great for administrative usage. Create topics based on blog entries or user content (with user as author).

@luceos

This comment has been minimized.

Show comment
Hide comment
@luceos

luceos Apr 7, 2017

Member

As a side note. Master keys are possible by adding a token to the api_keys table. All other requirements of the initial post by Toby are still part of this issue and need to be resolved:

  • Add an API endpoint to generate a new key, as well as one to delete an existing one.
  • Add an admin interface to manage the keys. This can probably live as a sub-interface in an AdvancedPage, along with other stuff we'll add later.
Member

luceos commented Apr 7, 2017

As a side note. Master keys are possible by adding a token to the api_keys table. All other requirements of the initial post by Toby are still part of this issue and need to be resolved:

  • Add an API endpoint to generate a new key, as well as one to delete an existing one.
  • Add an admin interface to manage the keys. This can probably live as a sub-interface in an AdvancedPage, along with other stuff we'll add later.

@tobscure tobscure removed this from the 0.1.0-beta.7 milestone Jul 22, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment