[openstreetmap/openstreetmap-website] App private key value pairs for "Preferences of a logged on user" (#2326)

[mmd]

https://wiki.openstreetmap.org/wiki/API_v0.6#Preferences_of_the_logged-in_user provides a mechanism to create/modify/delete user preferences in a public key/value store.

Currently, there's no way to shield different apps from each other, i.e. one app could fetch details from another app, or even change/delete them.

I'm proposing to enhance User preferences by an "app private" flag with the option to store key/value pairs that are only accessible a a given registered OAuth key.

Existing key/value pairs need to be marked as  "public" by default. For new entries, the app can decide, if entries should be public or "app private".

When using Basic auth, only public key value pairs should be returned, while on OAuth both public and "app private" key/value pairs are returned, possibly with an additional attribute to indicate a public/private key status.




-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/2326
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20190719/2b3a2730/attachment.html>