f4f5524190
FEATURE: user API now contains scopes so permission is granular
...
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
e6fcaadd45
FIX: redirects back to origin for SSO and omniauth login
2016-09-16 13:48:50 +10:00
2d859ba0ed
FIX: user api should always be available to staff
2016-09-12 15:42:06 +10:00
1d281e02c7
id is optional if already specified in header
2016-09-02 17:08:46 +10:00
be0fd5b4cc
FEATURE: allow user api key revocation for read only keys
2016-09-02 17:04:00 +10:00
ca79c4b276
stop eating up push_urls
2016-08-26 13:23:06 +10:00
691f739f11
better error handling
...
push notifications imply read access, no need for a special permission
2016-08-23 16:48:00 +10:00
79c1d3459b
line was there twice
2016-08-17 17:03:48 +10:00
91b72936c4
Normalize away a requested push if for some reason we can not push there
2016-08-17 16:44:38 +10:00
a25a8115e8
FEATURE: support HEAD request to /user-api-key/new
...
This allows us to cleanly sniff to find if it exists
2016-08-17 09:58:19 +10:00
416e7e0d1e
FEATURE: basic UI to view user api keys
2016-08-16 17:06:52 +10:00
b7cea24d76
FEATURE: more user API flow, support key creation
2016-08-16 17:06:52 +10:00
fc095acaaa
Feature: User API key support (server side implementation)
...
- Supports throttled read and write
- No support for push yet, but data is captured about intent
2016-08-15 17:59:36 +10:00
Sam