Make nonce-bearing Abaco URIs cleaner via URL rewriting

Open mwvaughn opened this issue 6 years ago • 0 comments

Here's an example callback used in some ongoing work that leverages Abaco, where actor EEDKw7NAr4E0x can accept this message and use it to set a value for a variable shorthash in database record 1073f4ff-c2b9-5190-bd9a-e6a406d9796a.

https://api.sd2e.org/actors/v2/EEDKw7NAr4E0x/messages?x-nonce=TACC_kOMDBMNGo1r3m&shorthash=3f643e7b2722f16e&uuid=1073f4ff-c2b9-5190-bd9a-e6a406d9796a

Compared to the callback URL generated by several popular platforms, this feels a bit clunky and I think it is because the extended string of URL parameters carries both the nonce and the payload parameters.

It feels more intuitive for the base URL to include the nonce inline:

https://api.sd2e.org/actors/v2/EEDKw7NAr4E0x/messages/x-nonce/TACC_kOMDBMNGo1r3m

This makes it very clear which part of the URL is user payload versus the portion authorizing access to the actor.

https://api.sd2e.org/actors/v2/EEDKw7NAr4E0x/messages/x-nonce/TACC_kOMDBMNGo1r3m?token=3f643e7b2722f16e&uuid=1073f4ff-c2b9-5190-bd9a-e6a406d9796a

mwvaughn, Dec 04 '18 11:12
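
One way the proposed rewrite could be done in front of the existing endpoint, as an added example that is not part of the issue or of Abaco's code: the path-form nonce is moved back into the `x-nonce` query parameter, and a request that also carries `x-nonce` in its query string is rejected so the payload can never supply a second credential. The function name, the exception and the character sets accepted for actor ids and nonces are assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Path form proposed in the issue:
#   /actors/v2/<actor_id>/messages/x-nonce/<nonce>
# The allowed characters for actor ids and nonces are assumptions.
_NONCE_PATH = re.compile(
    r"^(?P<base>/actors/v2/[A-Za-z0-9]+/messages)"
    r"/x-nonce/(?P<nonce>[A-Za-z0-9_-]+)/?$"
)


class AmbiguousNonce(ValueError):
    """The request carries a nonce in both the path and the query string."""


def rewrite_nonce_url(url):
    """Rewrite the path-form URL to the existing ?x-nonce= form.

    URLs that are not in the path form are returned unchanged.
    """
    parts = urlsplit(url)
    match = _NONCE_PATH.match(parts.path)
    if match is None:
        return url

    payload = parse_qsl(parts.query, keep_blank_values=True)
    # The path is the only place the credential may come from. A payload
    # parameter named x-nonce would leave two candidates for the backend
    # to choose between, so refuse the request instead of guessing.
    if any(key.lower() == "x-nonce" for key, _ in payload):
        raise AmbiguousNonce("x-nonce present in both path and query")

    query = urlencode([("x-nonce", match["nonce"])] + payload)
    return urlunsplit(
        (parts.scheme, parts.netloc, match["base"], query, parts.fragment)
    )
```
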