Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

/app/user/whoami api #468

Closed
jeroen opened this issue Dec 18, 2012 · 1 comment
Closed

/app/user/whoami api #468

jeroen opened this issue Dec 18, 2012 · 1 comment
Assignees
@jshslsky
Labels
low
Milestone
ohmage 2.14

Comments

@jeroen
Copy link

jeroen commented Dec 18, 2012

Would it be an idea to include an api call /app/user/whoami?

In the context of multiple independent frontends, a frontend needs a way of testing if there is a pre-existing session when the page loads. The most natural way would be to make a call to the server and see if it is authenticated already. If the user is already authenticated, the cookie will automatically include the auth_token header. If the call returns with a permission denied error, the user should be directed to an authentication page.

I am currently using /app/campaign/read for this, but /app/user/whoami might be more elegant. It could be faster, less error prone, and if it succeeds you could display something like "welcome back user lausd.001". The current gwt front-end manually saves the username in a separate cookie to do this, which is a security vulnerability.
@jshslsky jshslsky mentioned this issue Jan 3, 2013
Closed
@ghost ghost assigned jshslsky Jan 7, 2013
@jshslsky
Copy link

jshslsky commented Jan 7, 2013

This has been pushed to 2.14.

@jshslsky jshslsky closed this as completed Jan 7, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jshslsky jshslsky

Labels
low
Projects
None yet
Milestone
ohmage 2.14
Development

No branches or pull requests
2 participants
@jeroen @jshslsky