Use ApiKeyAuthentication instead of SessionAuthentication #6

Closed
nicbou opened this issue Aug 10, 2015 · 3 comments

Comments

Owner

nicbou commented Aug 10, 2015

A lot of users have requested a desktop/offline app. Supporting API authentication would pave the road for standalone apps.

nicbou added this to the offline app milestone Aug 21, 2015
Collaborator

AuHau commented Jul 19, 2016

Hey there,
I want to work on this, so just to sync with @nicbou for the right approach.

I had a look at the current state of the backend and, if I understand it correctly, then basically the whole user management (login, signup, user's settings, etc.; basically all the /auth/* routes) has to be redone in the Angular app. Therefore I would suggest doing it in such a way that the links for login/signup direct to the Angular editor app, where there would be an overlay over the editor with a login/signup form, and after login/signup the notes would be loaded into the editor app.

What do you think?

Collaborator

AuHau commented Jul 31, 2016

@nicbou could you please comment on this? I will soon have the API ready for sign up/login/user management and I am wondering if my proposed way of implementing the front-end is OK with you.

Moreover, one more thing regarding the API. I was following examples of how others approached user management with Tastypie, so I didn't create a special route for login (for retrieving the ApiKey), but rather allowed BasicAuthentication (together with ApiKeyAuthentication) for the User resource. Therefore, to log in, you send a request to retrieve the User data with an HTTP Basic authentication header in which the username and password are provided; the ApiKey is returned together with the User data, and from that point on only the ApiKey will be allowed (for all other resources). Is that approach OK with you?

Owner Author

nicbou commented Aug 1, 2016

That sounds like a good idea. We already have a mechanism for handling 401 errors, so it would simply be a matter of blurring the background and showing a login form. This would also open the door to mobile and desktop applications in the future. Thumbs up from me.
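
The login flow proposed in the Jul 31, 2016 comment, modelled in plain Python as an added example (not the project's code and not Tastypie itself). The `handle` dispatcher, the `USERS` store and the `alice` account are constructed for illustration; the `Authorization: ApiKey <username>:<key>` header shape follows Tastypie's ApiKeyAuthentication.

```python
import base64, hashlib, hmac, secrets

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account; stands in for the Django user and ApiKey tables.
_SALT = secrets.token_bytes(16)
USERS = {"alice": {"salt": _SALT, "pw": _hash("correct horse", _SALT),
                   "api_key": secrets.token_hex(20)}}

def basic_header(username, password):
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}

def _check_basic(value):
    try:
        username, _, password = base64.b64decode(value).decode().partition(":")
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return None
    user = USERS.get(username)
    if user and hmac.compare_digest(_hash(password, user["salt"]), user["pw"]):
        return username
    return None

def _check_api_key(value):
    username, _, key = value.partition(":")
    user = USERS.get(username)
    if user and hmac.compare_digest(key.encode(), user["api_key"].encode()):
        return username
    return None

def handle(resource, headers):
    """Server side: return (status, body). Basic is honoured on 'user' only."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    username = None
    if scheme == "ApiKey":
        username = _check_api_key(value)
    elif scheme == "Basic" and resource == "user":
        username = _check_basic(value)
    if username is None:
        return 401, {}  # the front-end reacts to this by showing the login form
    body = {"resource": resource, "username": username}
    if resource == "user":
        body["api_key"] = USERS[username]["api_key"]
    return 200, body

def login(username, password):
    """Client side: trade the password for the header used from then on."""
    status, body = handle("user", basic_header(username, password))
    return {"Authorization": f"ApiKey {username}:{body['api_key']}"} if status == 200 else None
```

Because the User resource returns a long-lived key in exchange for a password, it is the one endpoint where the password crosses the wire and should only be reachable over TLS.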
