Skip to content
This repository was archived by the owner on May 4, 2019. It is now read-only.

Post/simple part1 simple api lockdown #14

Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

Post/simple part1 simple api lockdown #14

wants to merge 8 commits into from

Conversation

paulfranzen
Copy link
Contributor

No description provided.

OnFreund
OnFreund reviewed Dec 14, 2015
View reviewed changes
_posts/2015-12-14-simply-secure-rails-api.markdown Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe link to Faraday? (in a new window)

@mattjstar
Copy link
Contributor

Yeah I'd definitely update the title, maybe add the word "encryption" in it, cause it's sexy

How to encrypt a rails api... etc.. etc...

mattjstar
mattjstar reviewed Dec 15, 2015
View reviewed changes
_posts/2015-12-14-simply-secure-rails-api.markdown Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should probably limit these to shorten the url no? We've been going with just "engineering" now, which is redundant, tbh this category stuff needs to be revisited

@abest0
Copy link

abest0 commented Dec 15, 2015

@mattjstar adding Encryption into the title will unleash a momentus Reddit shit torrent in the this posts direction if it is not 100% accurate and bulletproof.... tread lightly.

@mattjstar
Copy link
Contributor

ah, k

jackbearheart
jackbearheart reviewed Dec 16, 2015
View reviewed changes
_posts/2015-12-14-simply-secure-rails-api.markdown Outdated
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

their

jackbearheart
jackbearheart reviewed Dec 16, 2015
View reviewed changes
_posts/2015-12-14-simply-secure-rails-api.markdown
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But now you have to look up the User by their token, which was the whole thing we wanted to avoid in the first place, right?

You could dispense with the encrypted_user_uuid stuff and just use a token if that's your style.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this would function as a "double layer" which would allow our base auth service to continue to feed out to any and all apps it serves, while the individual apps could run their own "extra" tokeny system

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interesting. I think there are some tradeoffs there in letting individual apps run additional authentication schemes. Could be a good discussion, up to you. (Like, what if I can authenticate to half the apps but not the other half? That would be a weird situation. Note that authentication != authorization.)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@paulfranzen @mattjstar @abest0 @i8ramin @jhjwind @OnFreund @jackbearheart