Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dedicate a section on how to use access tokens #1517

Merged
merged 4 commits into from
Aug 20, 2018
Merged

Dedicate a section on how to use access tokens #1517

merged 4 commits into from
Aug 20, 2018

Conversation

turt2live
Copy link
Member

Rendered: see 'docs' status check.

This is an attempt to add more clarity to the section, as requested in #1042.

Fixes #1042.

@turt2live turt2live requested a review from a team August 15, 2018 22:33
@turt2live turt2live added this to In review in August 2018 r0 via automation Aug 15, 2018
ara4n
ara4n reviewed Aug 15, 2018
View reviewed changes
specification/client_server_api.rst
support:

1. Via a query string parameter, ``access_token=TheTokenHere``.
#. Via a request header, ``Authorization: Bearer TheTokenHere``.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suspect we should specify when to use which. i.e. to spell out that the query string is for compatibility, but the request header is the preferred approach to avoid access_tokens being leaked in URLs or HTTP access logs.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ara4n please take a look at the added text, ca87876

@turt2live turt2live requested a review from a team August 17, 2018 15:51
August 2018 r0 automation moved this from In review to Reviewer approved Aug 20, 2018
richvdh
richvdh approved these changes Aug 20, 2018
View reviewed changes
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@turt2live turt2live merged commit 26746cf into matrix-org:master Aug 20, 2018
August 2018 r0 automation moved this from Reviewer approved to Done (this list will be incomplete) Aug 20, 2018
@turt2live turt2live deleted the travis/c2s/auth-header branch August 20, 2018 16:08
RiotTranslateBot pushed a commit to RiotTranslateBot/matrix-doc that referenced this pull request Aug 22, 2023
@Half-Shot @anoadragon453 @turt2live
Add spec for MSC2449: Require users to have visibility on an event wh…
1b69e03 
…en submitting reports (matrix-org#1517)

* Add MSC2249 support

* changelog

* Add a line on verification

* Changes based on review feedback

* Apply suggestions from code review

Co-authored-by: Travis Ralston <travpc@gmail.com>

* move tags field to the bottom of report_content.yaml

* fix duplicated content

now how did that happen

* fix up the 404 response schema

it wasn't displaying correctly in the rendered spec otherwise

* remove erroneous schema reference

* 1.7 -> 1.8

Co-authored-by: Travis Ralston <travpc@gmail.com>

---------

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Travis Ralston <travpc@gmail.com>
Co-authored-by: Andrew Morgan <andrew@amorgan.xyz>
@richvdh richvdh mentioned this pull request Apr 9, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ara4n ara4n ara4n left review comments

@richvdh richvdh richvdh approved these changes

Assignees
No one assigned
Labels
None yet
Projects
No open projects
August 2018 r0
  
Done (this list will be incomplete)
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@turt2live @ara4n @richvdh