kinto.js
kinto.js copied to clipboard
Kinto
Expose a nicer way to authenticate requests
Currently, achieving authentication is done that way (here basic auth):
import KintoClient, { basicauth } from "kinto-client";
const client = new KintoClient("http://", {
headers: {
Authorization: "Basic " + btoa("user:pass")
}
});
While we should definitely keep the ability to pass a generic custom Authorization header, we should probably enhance the developer experience a little by providing a slightly nicer API:
import KintoClient;
const username = "chuck";
const password = "r0undh0use";
const client = new KintoClient("http://")
.auth("basicauth", {username, password});
const client.bucket("default").collection("posts")
.createRecord({...}) // creates a record reusing the auth bits
For other authentication methods/policies, the first argument is the policy identifier, and the second one is an object holding the required parameters for this policy:
const token = "<github api token>";
const client = new KintoClient("http://")
.auth("github", {token});
Feedback? Thoughts?
I really like the idea of having this defined like that. I wonder if there is already a standard mechanism in JavaScript like python has requests authentication? If so, we should use it, otherwise let's keep it like that!
Currently, there is no way to specify auth headers after instantiation.
For example, if I do:
- fetch server info to obtain capabilities about auth
- perform login on identity provider
- ...no way to specify the access token in headers without reinstantiation
- plus, server infos were cached on first call and won't take new headers into account
Also will be nice extending functionality for support HttpOnly cookies, currently here is no way for add credentials params to fetch() call
https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch#Parameters
for example in axios i do something like : axios.defaults.withCredentials = true or axios.get('...', {withCredentials: true});
