codeable-reviews-and-expert-profile icon indicating copy to clipboard operation
codeable-reviews-and-expert-profile copied to clipboard

Published 20 hours ago verified publisher icon duplaja

Reviews Authentication

Open duplaja opened this issue 4 years ago • 6 comments

Due to changes with the API, the reviews endpoint is now behind authentication. I've put in a small patch to prevent errors (returns empty string for reviews shortcode), but haven't had the time yet to get authentication in.

If anyone wants to give this a stab, let me know.

Relevant docs: https://codeable.docs.apiary.io/#reference/authentication

I'll update here if I get anything in place.

duplaja avatar Jan 10 '21 18:01 duplaja

Working on creating a v1 of a settings page

tamara-m avatar Jan 10 '21 19:01 tamara-m

Update: Waiting to find out about token renewals before going too much further. Will loop around once I find out if it's doable.

duplaja avatar Jan 10 '21 21:01 duplaja

I guess the only way here is really to check if is expired at each call and request a new token if so. I have this going on right now and it works fine. Not ideal, but it works.

schmitzoide avatar Jan 11 '21 10:01 schmitzoide

That's what I have now as well on a forked private copy, but it requires storing the password somewhere retrievable. If we need to go that route, might need to move this repo somewhere private. I'm still iffy about doing that (password storing)

On Mon, Jan 11, 2021 at 4:16 AM Marcel Schmitz [email protected] wrote:

I guess the only way here is really to check if is expired at each call and request a new token if so. I have this going on right now and it works fine. Not ideal, but it works.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/duplaja/codeable-reviews-and-expert-profile/issues/10#issuecomment-757852966, or unsubscribe https://github.com/notifications/unsubscribe-auth/AE2OXIEFRUN5TGBQSYKX5KDSZLFXHANCNFSM4V4TZHFQ .

duplaja avatar Jan 11 '21 14:01 duplaja

Update: Received some more API information. This should be doable!

So, on authentication you get an auth_token which you can use to call POST /users/auth_tokens with that auth_token to renew it. The token is valid for 7 days.

Thoughts on approach at this point are to have the user authenticate, but not store password. Exchange it on submission for the auth token, and then run a daily / every other day cron to exchange for a new auth_token. Keep this auth_token stored securely, and use it for all calls.

duplaja avatar Jan 13 '21 15:01 duplaja

Any updates on this? Doesn't display reviews at all right now on my website. Didn't realize it had broke.

zachnicodemous avatar Mar 05 '21 23:03 zachnicodemous