Plan icon indicating copy to clipboard operation
Plan copied to clipboard
verified publisher icon plan-player-analytics

Authentication tokens

Open SlenkyDev opened this issue 4 years ago • 4 comments

I would like to be able to..

Get a json API with the player info via a auth token, this is already possible but only if logged in via a cookie, thus making it really hard to use in practice.

Is your feature request related to a problem? Please describe.

Yes, there is already something similar https://analytics.lendmark.sk/player/uuid/raw; however I can only find a "cookie" request header, instead of a actual auth header.

SlenkyDev avatar Aug 01 '21 19:08 SlenkyDev

Perhaps somewhat related to #1965 and #1895, but I'd also be interested in a more token-like authentication scheme which doesn't require an api user to hijack cookies for api requests

rymiel avatar Aug 01 '21 22:08 rymiel

What kind of token would this be? @SlenkyDev

AuroraLS3 avatar Aug 03 '21 11:08 AuroraLS3

What kind of token would this be? @SlenkyDev

Some kind of randomly generated authorization token in an authorization header that could be optained via the dashboard or a Minecraft command (e.g. planproxy grantapi)

SlenkyDev avatar Aug 03 '21 11:08 SlenkyDev

TODO

  • Add a database table to hold authentication tokens
    • Id
    • Token
    • Issued
    • Last used
  • Add a commands
    • to generate authentication tokens
    • to list authentication tokens
    • to revoke authentication tokens
    • Add a permissions for the commands
  • Add a cache for the authentication tokens so that they don't need to be fetched from database
    • Make the cache entries expire 15 minutes without getting read
  • Add another Authentication implementation that checks for a token based authentication

AuroraLS3 avatar Jan 31 '22 19:01 AuroraLS3