zeisss/wobble

How is api key behavior when multiple clients connect simultaneously?

Velrok opened this issue · 9 comments

https://github.com/ZeissS/wobble/wiki/API
"Performs a login and returns a apikey that is valid for thirty (30) days. Every call with this APIKEY will reset the thirty days."

Will this renew the key and return the same one?

What if I log in with the browser and with another client at the same time?
Will both be able to use their own key or will they compete, kicking each other out in the process?

Every login call returns a new unique apikey. If you use multiple clients, each gets its own key.

Do you think about changing that behavior to a more static one? Like change it never? 😸

I mean it may be a way to ensure that a login cannot be hijacked so easily but it is not what you would expect of an api-key which should be consistent as long as the user does not request a change.

That's the thing. @zeisss told me it's better described as a session key.
Maybe renaming it would be a sufficient solution?


Then it should expire ;) That's not happening either. And then we'd lack an api-key

One can overcome this by handling it like a resource.
See Velrok/wobble-client-python#9 .

By calling login at the start and logout when no longer needed.

In python one can wrap this kind of logic in a with statement if the resource supports it.

Python file resource example:

    with open('filename', 'w') as file_handle:  # calls open(); 'w' mode is needed for write()
        file_handle.write("something")
    # leaving the with block calls close()


Also I think it expires after 30 days :) .

The text mentioned in this ticket clearly states that the key is valid for thirty days and expires afterwards.

Regarding renaming it: That is definitely a TODO.

Can this be closed?

I would say the question is answered so -> yes.
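The key lifecycle described in this thread (a new unique key per login, a 30-day window reset by every call, login/logout handled like a resource), as an added example that is not code from the thread or from the wobble project. `FakeWobbleServer`, `session` and `demo` are hypothetical names, and the server is an in-memory stand-in rather than the real API.

```python
import secrets
from contextlib import contextmanager
THIRTY_DAYS = 30 * 24 * 3600  # validity window quoted from the API wiki

class FakeWobbleServer:
    """Hypothetical in-memory stand-in modelling the key lifecycle in the thread."""
    def __init__(self):
        self.keys = {}  # apikey -> (user, expiry time in seconds)

    def login(self, user, now):
        key = secrets.token_hex(16)  # every login returns a new unique key
        self.keys[key] = (user, now + THIRTY_DAYS)
        return key

    def call(self, key, now):
        user, expires = self.keys.get(key, (None, 0))
        if user is None or now >= expires:
            self.keys.pop(key, None)  # unknown or expired keys are rejected
            raise PermissionError("invalid or expired apikey")
        self.keys[key] = (user, now + THIRTY_DAYS)  # each call resets the 30 days
        return user

    def logout(self, key):
        self.keys.pop(key, None)  # revokes only this client's key

@contextmanager
def session(server, user, now=0):
    """Treat the key as a resource: login on entry, logout on exit, even on error."""
    key = server.login(user, now)
    try:
        yield key
    finally:
        server.logout(key)

def demo():
    server, day = FakeWobbleServer(), 24 * 3600
    with session(server, "alice") as browser_key:
        with session(server, "alice") as script_key:
            distinct = browser_key != script_key  # two clients, two keys
            server.call(script_key, now=1 * day)
        # The script's logout above must not kick the browser out.
        browser_ok = server.call(browser_key, now=29 * day) == "alice"
        # Sliding window: the call on day 29 keeps the key valid on day 58.
        slid = server.call(browser_key, now=58 * day) == "alice"
    try:
        server.call(browser_key, now=58 * day)
        revoked = False
    except PermissionError:
        revoked = True  # logout on exit invalidated the key
    return distinct, browser_ok, slid, revoked, len(server.keys)
```

Because logout runs in the `finally` branch, no key stays valid on the server after the block exits, which bounds how long a leaked key remains usable.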