Categorise authenticated people?
The application is used by users to:
- manage API keys which allow people to create applications using the dwyl API
- authenticate with auth and receive a JWT to access private endpoints on various applications
At the moment there is no difference between these two types of user. This means that a user who has already been authenticated can access the API key management page on auth later on.
Are there any cases where we want to limit the api keys page to certain users only?
@SimonLab from the perspective of our "Main" App https://github.com/dwyl/auth_plug_example
The people using the Auth Service will just get redirected back to the Main App transparently once they have authenticated. Even when they click the "Verify" link sent to their email, they will be redirected back to the Main App.
The reason I've made the API Keys part of the Auth Service now is that I want our "Main" App to be deployed the exact same way that anyone else would run the "Main" App.
For now, a person using the Main App will not even be aware of the concept of API Keys,
until we write our tutorial (Blog Post) explaining how to use our API.
But that's at least 2 months from now.
We are just laying the "ground work" now for that eventuality.
To answer the specific questions you have raised above:
- There is no difference between the types of ~~user~~ person because we don't want there to be a difference. We want anyone to be able to create their own `AUTH_API_KEY` and get the @dwyl App running on their `localhost` (or even deploy it to their own VPS!) in less than 2 minutes. We want the setup to be even easier than Wordpress. That's how we will succeed.
- Limit API Keys? At this stage, No. During MVP we have no need for limits. What we do want to do is work on Logging ASAP: #67 And then extend that to logging all API requests so that we can monitor usage. https://github.com/dwyl/app/issues/274
Related to: https://github.com/dwyl/auth/issues/117