[the-datatank] Authentication feature

Dries Droesbeke Dries.Droesbeke at Digipolis.be
Thu Oct 11 14:33:44 UTC 2012 

Hi,

Your suggestion is a workable solution for us.

Our requirement:
A user should register in our drupal and in the backend an API token/secret should be generated in TDT and returned to consumer in drupal.
We don't need an acl based authentication, just a basic auth with those credentials would be perfect. The API token and secret can be generated by TDT or generated in drupal.

In the long run it would be a better solution to have 1 user and multiple apps so the request can be tracked back to an application instead of a user(with X apps).

Oauth is not needed atm.

Kind regards


Van: Jan Vansteenlandt [mailto:vansteenlandt.jan at gmail.com]
Verzonden: donderdag 11 oktober 2012 10:53
Aan: the-datatank at lists.okfn.org
CC: Dries Droesbeke; Hannes Vandevreken
Onderwerp: Authentication feature

Hi list,


Jan here with a question towards the datatank stakeholders, Dries Droesbeke from Digipolis Antwerp is working on a datatank installation for an antwerp hackaton. He'd also like to authenticate users, currently there's no such feature present in the develop branch ( or master branch for that matter ). There is however a branch that attempts to perform user management and authentication, but I have a feeling the authentication needs to be fully integrated instead of partially datatank and partially script-wise ( which is now the case in the access list branch ).

My question is how do you see this user-wise.

My suggestion: TDTAdmin/Users -> The resource will be handled by a new controller and foresees the following:

                   GET: returns all users
                   HEAD: same as get, but only the headers
                   PUT/POST: (new_)user as a parameter and adds the user to the back-end.

My question for Dries is if you expect an api_key in return, after the user addition, or will you be passing a password as well through the PUT request? Also, you asked for a feature to add tokens/secrets for apps. Do you mean OAuth by this? If so, we should take a look at the OAuth API made by iRail.


Best regards,


Jan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/the-datatank/attachments/20121011/5253bcd9/attachment.html>

More information about the the-datatank mailing list