outline for auth

[wparad]

• (internal edits)

[philsturgeon]

@wparad looking real good!

[philsturgeon]

I had a tiny smattering of notes in a random file and I'm just gonna pop it here in case anything is vaguely interesting about it.

OAuth is like a hotel key. You provide primary credentials (ID + credit card), get a token back that's generic, scoped, revocable, and tied to an expiration...and life's good. - @caseysoftware #jestphp
https://twitter.com/iansltx/status/1099065732665614337?s=12

Default to not letting anyone in, then specify the various authenticaton methods allowed per controller or endpoint. DO NOT implement a shitty auth strategy where all endpoints can only have ONE type of entry, or you find yourself duplicating endpoints just to get around that crap.

Implementations

• ruby: doorkeeper
• php: leage/oauth2-server
• https://www.keycloak.org/

[wparad]

So I'm working through this and a good handle on the first part, so I'm throwing that up here, any thoughts so far, feedback, suggestions before I continue with the rest of it?