
Improvements to API tokens

Open Ninjaclasher opened this issue 4 years ago • 0 comments

It would be nice to support restricted API tokens. For example, we could have the following options:

  • API (only /api/ endpoints)
  • read (only GET)
  • write (excludes security-related endpoints)
  • security-related (changing password, changing 2fa, etc.)
  • admin-read
  • admin-write

This way, we don't give only one API token that has access to the entire account, including the ability to change the password or 2fa settings. The default setting should be read + write.

Some other nice-to-haves:

  • [ ] Multiple API tokens. This is probably a must-have for the above to actually be useful.
  • [ ] Expiry time for an API token.
  • [ ] Logging API token last IP/usage time separately from user last IP/access time.

Ninjaclasher, May 28 '21 19:05
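
An added example, not part of the issue or the project's code: one way the proposed scopes, expiry time and per-token usage logging could be enforced on each request. The path prefixes other than `/api/`, the `ApiToken` class and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

API_PREFIX = "/api/"                                         # from the issue
SECURITY_PREFIXES = ("/account/password/", "/account/2fa/")  # hypothetical paths
ADMIN_PREFIX = "/admin/"                                     # hypothetical path
DEFAULT_SCOPES = frozenset({"read", "write"})                # default proposed in the issue


@dataclass
class ApiToken:
    """One of possibly several tokens per user, each with its own scopes."""
    scopes: frozenset = DEFAULT_SCOPES
    expires_at: Optional[datetime] = None   # None means no expiry
    last_ip: Optional[str] = None           # tracked per token, not per user
    last_used: Optional[datetime] = None


def required_scope(method: str, path: str) -> str:
    """Map a request to the single scope that permits it."""
    is_read = method.upper() == "GET"       # "read (only GET)"
    if path.startswith(SECURITY_PREFIXES):
        return "security"                   # never implied by read or write
    if path.startswith(ADMIN_PREFIX):
        return "admin-read" if is_read else "admin-write"
    return "read" if is_read else "write"


def authorize(token: ApiToken, method: str, path: str, ip: str,
              now: Optional[datetime] = None) -> bool:
    """Deny by default; record usage on the token only when access is granted.

    Assumes `path` is the already-normalized path the framework routed on.
    """
    now = now or datetime.now(timezone.utc)
    if token.expires_at is not None and now >= token.expires_at:
        return False
    needed = required_scope(method, path)
    # Assumption: the "api" scope covers any request under /api/ and nothing else.
    allowed = needed in token.scopes or (
        "api" in token.scopes and path.startswith(API_PREFIX))
    if allowed:
        token.last_ip, token.last_used = ip, now
    return allowed
```
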