[openstreetmap/openstreetmap-website] API key dispenser (#2145)

mmd notifications at github.com
Sun Oct 11 19:01:45 UTC 2020


Signing requests was a topic for OAuth 1.0a. Bearer tokens in 2.0 would give you access to the resource server (see example below); that's why you need to safeguard them. RFC 6750 has more details on security threats related to Bearer Token usage.

```
curl  -H "Authorization: Bearer oUA-D-78IXuB9c2TM5BdGtAdLcUih5FXUIWl6Lb8V0g" http://localhost:3000/api/0.6/user/details.json
{"user":{"id":1,"display_name":"mmd2","account_created":"2017-12-05T17:28:53Z","description":"Hello!","contributor_terms":{"agreed":true},"roles":["moderator","administrator"],"changesets":{"count":1706},"traces":{"count":78},"blocks":{"received":{"count":1,"active":0},"issued":{"count":20,"active":0}}}}
```


-- 
https://github.com/openstreetmap/openstreetmap-website/pull/2145#issuecomment-706752433
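
The contrast drawn in the message above, as an added example (not part of the original mail or of the openstreetmap-website code): an OAuth 1.0a HMAC-SHA1 signature is bound to one method, URL and parameter set, while a bearer token is accepted on any request by whoever holds it. All keys, secrets and tokens and the second URL are constructed values; nonce and timestamp replay tracking, which an OAuth 1.0a server also performs, is left out.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def enc(value):
    # Percent-encoding per RFC 5849 section 3.6 (only unreserved characters stay literal)
    return quote(str(value), safe="-._~")

def oauth1_signature(method, url, params, consumer_secret, token_secret):
    # HMAC-SHA1 over method, URL and every parameter (RFC 5849 section 3.4)
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), enc(url), enc(normalized)])
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def oauth1_accepts(method, url, params, signature, consumer_secret, token_secret):
    expected = oauth1_signature(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)

def bearer_accepts(method, url, authorization, valid_tokens):
    # RFC 6750: method and url play no part; holding the token string is enough
    scheme, _, token = authorization.partition(" ")
    return scheme == "Bearer" and token in valid_tokens

def demo():
    url = "http://localhost:3000/api/0.6/user/details.json"  # URL from the mail
    other = "http://localhost:3000/constructed/other"        # constructed path
    cs, ts = "constructed-consumer-secret", "constructed-token-secret"
    params = {"oauth_consumer_key": "constructed-key", "oauth_token": "constructed-tok",
              "oauth_nonce": "constructed-nonce", "oauth_timestamp": "1602442905",
              "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0"}
    sig = oauth1_signature("GET", url, params, cs, ts)
    header, tokens = "Bearer constructed-token", {"constructed-token"}
    return {
        "oauth1_original_request": oauth1_accepts("GET", url, params, sig, cs, ts),
        "oauth1_signature_on_other_url": oauth1_accepts("GET", other, params, sig, cs, ts),
        "bearer_original_request": bearer_accepts("GET", url, header, tokens),
        "bearer_token_on_other_url": bearer_accepts("GET", other, header, tokens),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```
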