Closed Bug 1062401 Opened 9 years ago Closed 9 years ago

[buddyup] Add API authentication


( :: General, defect, P2)



(Not tracked)



(Reporter: mythmon, Assigned: mythmon)



(Whiteboard: u=api c=questions p=1 s=2014.17)

The initial API authentication will be a simple token based authentication. There will be an API end point that a user can pass a username and password to. If the username and password match an existing SUMO user the API will return a token, along with some metadata.

Tokens will be stored in the database, and will have an expiration time. For now this expiration will be 30 days.

Future requests to the API can include this token in the Authorization HTTP header. If the token matches one on record, that user will be considered logged in for only that request. Every request will have to include the authorization token.

Expired tokens should be removed by a cronjob.

This bug covers making the API endpoint to generate tokens, creating the authorization method to log in a user with a token, the cronjob to remove expired tokens, and tests for the above.
Blocks: 1062407
It turns out DRF did a lot of this already. Lowering this to 1pt considering how much time I spent on it.

Whiteboard: u=api c=questions p=2 s=2014.16 → u=api c=questions p=1 s=2014.16
As discussed already with Kadir and Mike, these are moving to next sprint.
Priority: -- → P2
Whiteboard: u=api c=questions p=1 s=2014.16 → u=api c=questions p=1 s=2014.17
Target Milestone: --- → 2014Q4
Blocks: 1068121
Landed on master in:

This doesn't really have an affect on production yet, so I'm going to mark this as RESO/FIXED now without pushing.
Closed: 9 years ago
Resolution: --- → FIXED
Blocks: bu-server
You need to log in before you can comment on or make changes to this bug.