Lance Ivy
We can also use gRPC to generate clients directly without Swagger, right? Clients will still need a token verifier, of course.
I'm receptive to seeing what an OpenAPI spec for AuthN's RESTful endpoints would look like. I would like to see it as a replacement for [the existing API doc](https://github.com/keratin/authn-server/blob/master/docs/api.md), with...
Also: this may still end up replaced by gRPC tooling, but if someone wants to move it along in parallel then it's fine with me.
I could imagine making it a default configuration for new setups. We can't guarantee backwards compatibility on existing installs though.
You mentioned using Gorm and Kubernetes on another issue, so I presume you're looking at github.com/keratin/authn-go for an integration. That library _mostly_ treats the ID as a string (because of...
The ID decoded from the JWT is thankfully a string: https://github.com/keratin/authn-go/blob/45602e8424095484881debf5e40e2ded222e0206/authn/authn.go#L53-L55 The `GetAccount` API is used for reading account status information, like whether the account is currently locked or deleted....
I should also mention that it's not possible for an end-user to enumerate accounts by taking advantage of incrementing IDs. The only AuthN API endpoints that use account IDs are...
Your approach may differ, but I've been advocating for applications to maintain their own `users` dataset in a 1:1 relationship with the AuthN `accounts`. Your URLs would then be `/account/settings/:app_user_id`...
@madbbb i'd be happy to look at pull requests that switch to UUID. it's primarily a challenge with legacy data. in the meantime, i don't believe that iteration is possible...
Sounds good to me. I expect the noise rate to be somewhat high, but worth sorting through.