recast-hep/recast-flask-frontend

Secure API access with ORCID

cranmer opened this issue · 1 comments

The way this should work:

  1. If the user is authenticated via ORCID on the web interface, she can
     • create a new token, say via a form that takes a name (string) and is submitted by a button "Generate new Token"
     • this will generate a random token and add the token name + the token to the User (probably tokens should be their own table, and a User should be able to have multiple tokens)
  2. If the user wants to use the API, she should be able to do something like

         curl -u <orcid>:<token> http://api.recast.....

  3. On the user page, we can show a list of token "names", but should never show a list of token values (because essentially they are a password)
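
The scheme proposed in the issue above, as an added example (not code from recast-flask-frontend): named per-user tokens, a name-only listing, and validation of the Basic credentials that `curl -u <orcid>:<token>` sends. The function names and the in-memory `TOKENS` table are hypothetical, and storing only a SHA-256 digest of each token is an assumption that follows from treating tokens as passwords.

```python
import base64
import hashlib
import hmac
import secrets

# Hypothetical stand-in for a tokens table: orcid -> {token name -> digest}.
# Only the SHA-256 digest is kept, so a database leak does not expose tokens.
TOKENS = {}


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def generate_token(orcid, name):
    """Create a named token; the plaintext is returned once and never stored."""
    user_tokens = TOKENS.setdefault(orcid, {})
    if name in user_tokens:
        raise ValueError("token name already in use")
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    user_tokens[name] = _digest(token)
    return token


def list_token_names(orcid):
    """What the user page may show: names only, never values."""
    return sorted(TOKENS.get(orcid, {}))


def check_basic_auth(header):
    """Return the ORCID if the Authorization header is valid, else None."""
    if not header:
        return None
    scheme, _, payload = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(payload, validate=True).decode()
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    orcid, sep, token = decoded.partition(":")
    if not sep:
        return None
    presented = _digest(token)
    ok = False
    # Check every stored digest with a constant-time comparison.
    for stored in TOKENS.get(orcid, {}).values():
        ok |= hmac.compare_digest(stored, presented)
    return orcid if ok else None
```

Because HTTP Basic credentials are only base64-encoded, the API endpoint has to be served over HTTPS for this to protect the token in transit.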