Comments (12)
nelsonic
commented on June 2, 2024
1
Next: UX #51 ✨
from auth.
nelsonic
commented on June 2, 2024
The API Settings page should be clean focussed:
This is obviously just a rough sketch, but hopefully you get the idea.
(It should have some sort of navigation bar/menu to help people situate themselves, not shown here)
from auth.
nelsonic
commented on June 2, 2024
The beauty of AES256 is that the person can create virtually infinite API keys for the same person.id:
iex(17)> key = Fields.AES.encrypt(1) |> Base.encode64
"MDAwMSqUAH1ReM2sSq1ILL4zlvZAAZsyMmP7Sj0FY1f90xCVUQ=="
iex(18)> key = Fields.AES.encrypt(1) |> Base.encode64
"MDAwMYLnkMAUa5NOpmrG/3fXIFLxWrAjw0FZN9McDv2rb5aikg=="
iex(19)> key = Fields.AES.encrypt(1) |> Base.encode64
"MDAwMfNpzWyscdnVbzbppQ7uahuzfK1rBdGoh7+daVppGakghw=="
iex(20)> key = Fields.AES.encrypt(1) |> Base.encode64
"MDAwMdduVysgIrxtKwerleB8rSw2M1r9RVQjFVXOr4+hwMKmJw=="
iex(21)> key = Fields.AES.encrypt(1) |> Base.encode64
"MDAwMfs/6SJmAifSRY8jg8G2GnDWrNLA0XyrCTEn4bEWjyjy+w=="
iex(22)> key = Fields.AES.encrypt(1) |> Base.encode64
"MDAwMdy9jIuuR9zrET7FmmGOYriqv+HI00cWH8iYBWnxMnk+gA=="
iex(23)> key = Fields.AES.encrypt(1) |> Base.encode64
"MDAwMb2x3dvOqs01MUwICRsS0fJCEga83gvc/UxdiCM3tXnCBw=="
iex(24)> key = Fields.AES.encrypt(1) |> Base.encode64
"MDAwMWZbJS4SFbaHrVFmGr0Bv/AfSo81iHNiVfQ6yQI4ylhNjQ=="
iex(25)> key = Fields.AES.encrypt(1) |> Base.encode64
"MDAwMf12pDPrjCxg2e1TsL9kjlQVSC5NCg0COksA4OfIH0oJhA=="
iex(26)> key = Fields.AES.encrypt(1) |> Base.encode64
"MDAwMSmxoCXciO6IzpoAy8B8XDzmph7/fbmzKYvdSpMtColuHA=="
iex(27)> key = Fields.AES.encrypt(1) |> Base.encode64
"MDAwMdiyS7VLEXQks78O4Oop5Fy9D5B0Qv+KaHgfRHefT5RtAg=="
iex(28)> key = Fields.AES.encrypt(1) |> Base.encode64
"MDAwMV2hnqNQhHakAQyiqH4AUnjEHfmjczo4XF+Z88ZQy3DbtQ=="
iex(29)> key = Fields.AES.encrypt(1) |> Base.encode64
"MDAwMR+i2AgANXskbNrrsStxpz754q+wyPx1q81UWLawYTu5kw=="
iex(30)> key = Fields.AES.encrypt(1) |> Base.encode64
"MDAwMfc8Vm5iY1ExdxwIYtLZUWo/G1sRLso+2r7ApSBFZNIuEQ=="
iex(31)> key = Fields.AES.encrypt(1) |> Base.encode64
"MDAwMdTIvtfEFg2q+K/DG9PrHZW+5k2birZo3oxlltcOmHhsmA=="
iex(32)> key = Fields.AES.encrypt(1) |> Base.encode64
"MDAwMX4WHSKaE0cBT5+r1ukNlekIoSEXgKZlGJytEM822rZsGA=="
iex(33)> key = Fields.AES.encrypt(1) |> Base.encode64
"MDAwMavN/nEPdzqabVKL7KPWgwKgMCpWKsJWNRpPV6n7YYK8sA=="
iex(34)> key = Fields.AES.encrypt(1) |> Base.encode64
"MDAwMXIxzgDULUDvlSVJjIAdRWSbiUG9E1rutDUcNeGFdl+5hQ=="
iex(35)> key = Fields.AES.encrypt(1) |> Base.encode64
"MDAwMfMp5raxCzgRgDjzZ0+yEP8ef0AImr6S65+v/p5TCiz29w=="
So the person can use their dwyl app data from an unlimited number of places
(think of services like IFTTT or Zapier or Excel macros where they analyse their data!)
from auth.
nelsonic
commented on June 2, 2024
What are the desired fields for an API key schema/table?
- person_id - references person.id
- key_id - the id of the encryption key we used to create the client_secret
- client_secret - the secret used to sign the JWT
- name - e.g. my amazing key
- description - optional description for the key
- status e.g: "active", "test" or "suspended"
- url - the url of the app. e.g: http:localhost:4000 or https://myapp.net
mix phx.gen.html Apikey Apikeys key_id:integer client_secret:binary name:string description:text url:binary person_id:references:people status:references:status --no-context
Can you think of any other fields we might want to have for an API key?
from auth.
nelsonic
commented on June 2, 2024
I freaking hate the totally unnecessary complexity that Phoenix Contexts introduces.
mix phx.gen.html Ctx Apikey apikeys key_id:integer client_secret:binary name:string description:text url:binary person_id:references:people status:references:status
But this is what we have after running that generator:
from auth.
nelsonic
commented on June 2, 2024
Example of DWYL_API_KEY
Don't worry, this is not valid for any real data access.
from auth.
nelsonic
commented on June 2, 2024
Slightly better styling:
from auth.
nelsonic
commented on June 2, 2024
API key working with Base58.encode:
from auth.
nelsonic
commented on June 2, 2024
I think I'm going to store the keys as String in the database ...
But then again we have an effective way of looking up keys for a given person,
so we can store them as (encrypted) binary.
from auth.
nelsonic
commented on June 2, 2024
Final version of the DWYL_API_KEY with a / splitting the client_id and client_secret
This means people only need one environment variable to use our app.
from auth.
nelsonic
commented on June 2, 2024
https://dwylauth.herokuapp.com/
https://dwylauth.herokuapp.com/profile
https://dwylauth.herokuapp.com/profile/apikeys
https://dwylauth.herokuapp.com/profile/apikeys/new
2cfxNaWUwJBq1F4nPndoEHZJ5YCCNqXbJ6GaSXj6BPNTjMSc4EV/2cfxNadrhMZk3iaT1L5k6Wt67c9ScbGNPz8BwLH1qvpDNAARQ9J
from auth.
nelsonic
commented on June 2, 2024
UX Complete. PR is reviewable! #43 
from auth.
Related Issues (20)
- Github Oauth scope HOT 1
- Select authentication method HOT 1
- Update Dependencies and Docs HOT 8
- Chore: Update License identifier in mix.exs HOT 4
- Add Dependabot to Update Dependencies HOT 1
- Proposal: Rebuild `Auth` App using `mix phx.gen.auth` when `[email protected]` Ships HOT 6
- EPIC: `groups`: how to collaborate with one or more `people` HOT 10
- Cloudflare error
- phx.gen.auth --live HOT 1
- Email -> Magic Link Login 🔗 HOT 12
- (ArgumentError) argument error: Fields.Helpers.get_salt/1 HOT 1
- Tests FAILED: Expected minimum coverage of 100%, got 99.5% HOT 5
- Groups UI/UX HOT 1
- Phoenix.Template.UndefinedError Could not render "live.html" for AuthWeb.LayoutView HOT 1
- Chore: Fix Failing Auth Tests HOT 3
- Review how auth application works
- Chore: Sample `people` for testing `groups` on `localhost` HOT 3
- Chore: Use `statuses` [in-memory] in `auth`
- Auth: Deploy Demo Version to Fly.io HOT 11
- Bug: GitHub Username Not Returned by Auth ... 🤦♂️ HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from auth.