
Validate authentication flows and usage of auth token vs oauth

Open tzarebczan opened this issue 2 years ago • 3 comments

  • [x] If not signed in, all api.odysee.com calls should be using the auth token. Verify that install_new works with this scenario

  • [x] on sign in, call user/me with both the bearer and pass auth token, as such: (image)

  • [x] if successful, you can now discard the auth token, and now bearer token should be used everywhere (api.odysee.com, na-backend..odysee.com). If the call fails, restart sign in process?

  • [x] ensure refresh token scenario works

  • [ ] ensure revoke token scenario works

tzarebczan avatar Jul 12 '22 15:07 tzarebczan

Should be fixed by ab22d0f5987f357912eee911840c98bc046d5d28 and 8d901f0889bd8fd856fd1819137a2741f19d98a9. Current fixes pushed to device-flow (internal). Needs additional review.

s9260 avatar Jul 12 '22 22:07 s9260

All api.odysee.com calls should either pass auth token, or access token if logged in

All websocket calls should either pass auth token, or access token if logged in

api.na-backend.com - no need to pass auth token/access token for resolve/claim search calls. All other calls should.

tzarebczan avatar Jul 25 '22 13:07 tzarebczan

  1. can do
  2. can't: we would need to roll our own encryption
  3. will look into this.

s9260 avatar Jul 25 '22 17:07 s9260
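
The credential rules discussed in this thread, written out as an added example; it is not code from odysee-roku. The class and function names, the `resolve`/`claim_search` method strings and the dictionary keys are assumptions made for illustration, how each credential is placed on the wire is left out, and a failed user/me call is treated as "restart sign in".

```python
from dataclasses import dataclass
from typing import Callable, Optional

API_HOST = "api.odysee.com"
BACKEND_HOST = "api.na-backend.com"                   # host as written in the thread
PUBLIC_BACKEND_METHODS = {"resolve", "claim_search"}  # assumed method names


@dataclass
class Session:
    auth_token: Optional[str] = None    # anonymous token used before sign in
    access_token: Optional[str] = None  # OAuth bearer token used after sign in
    signed_in: bool = False

    def credentials_for(self, host: str, method: str) -> dict:
        """Return the one credential a call may carry, or {} for none."""
        if host == BACKEND_HOST and method in PUBLIC_BACKEND_METHODS:
            return {}  # resolve / claim search need no token
        if self.signed_in:
            return {"bearer": self.access_token}
        if self.auth_token is None:
            # Neither token is held: fail closed instead of calling unauthenticated.
            raise RuntimeError("no credential available")
        return {"auth_token": self.auth_token}

    def complete_sign_in(self, access_token: str,
                         call_user_me: Callable[[dict], bool]) -> bool:
        """Send user/me with both tokens; switch to bearer only on success."""
        ok = call_user_me({"bearer": access_token,
                           "auth_token": self.auth_token})
        if not ok:
            # Sign in has to restart: stay anonymous, keep the auth token.
            self.access_token, self.signed_in = None, False
            return False
        self.access_token, self.signed_in = access_token, True
        self.auth_token = None  # discarded once the bearer token is accepted
        return True


if __name__ == "__main__":
    s = Session(auth_token="anon-123")  # constructed sample values
    print(s.credentials_for(API_HOST, "user/me"))
    s.complete_sign_in("bearer-abc", lambda creds: True)
    print(s.credentials_for(API_HOST, "user/me"))
    print(s.credentials_for(BACKEND_HOST, "resolve"))
```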