Better token auth #176

magnusvk · 2015-07-14T22:49:27Z

We currently have a separate token auth solution at Bonobos that is considerably better than the default in Spree now:

not susceptible to timing attacks
stores hashed tokens, rather than cleartext tokens in the database
supports multiple tokens per user
supports token expiration

I've started work on breaking this out into a devise module, but there's more work to do there. I think we should make this a part of solidus_auth_devise by default and remove the current api_key from spree_users.

The text was updated successfully, but these errors were encountered:

gmacdougall · 2017-10-04T22:46:07Z

Closing due to being stale.

magnusvk · 2017-10-04T22:50:01Z

👋 blast from the past here. 🙃

skycocker · 2018-10-29T23:30:43Z

@magnusvk and others as well: in case you were still interested, I created a fork of solidus that supports devise_token_auth: https://github.com/skycocker/solidus_devise_token_auth

magnusvk mentioned this issue Jul 14, 2015

Post 1.0 Roadmap #171

Closed

jhawthorn added the changelog:solidus_api Changes to the solidus_api gem label Jul 21, 2015

athal7 added this to the Future milestone Aug 11, 2015

gmacdougall closed this as completed Oct 4, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Better token auth #176

Better token auth #176

magnusvk commented Jul 14, 2015

gmacdougall commented Oct 4, 2017

magnusvk commented Oct 4, 2017

skycocker commented Oct 29, 2018

Better token auth #176

Better token auth #176

Comments

magnusvk commented Jul 14, 2015

gmacdougall commented Oct 4, 2017

magnusvk commented Oct 4, 2017

skycocker commented Oct 29, 2018