Secure API access with ORCID
cranmer opened this issue · 1 comments
cranmer commented
Secure API access with ORCID
lukasheinrich commented
the way this should work:
- if the user is authenticated via ORCID on the web interface she can
- create a new token by say a form that gives takes a name (string) and is submitted by a button "Generate new Token"
- this will generate a random token and add the token name + the token to the User. (probably tokens should be their own table, and a User should be able to have multiple tokens)
- if the user wants to use the API, she should be able to do something like
curl -u <orcid>:<token> http://api.recast.....
- on the user page, we can show a list of token "names", but should never show a list of token values (becasue essentially they are a password)