Feature #1233
Updated by Bernhard Koschiček-Krombholz 12 months ago
External Authentication will be needed for projects who want a frontend without exposing all data (no public API). For implementing an API authentication method see: [[API Authentication|Whitepaper]], "authentication-with-flask":https://realpython.com/token-based-authentication-with-flask/ To consider: webclients will request data so we can't e.g. just block IPs or similar. Adaptations: * -Check if tokens can be copied if transferred via a web request- * -Token generation- ** -Only for admins (at least for now)- ** -Move form to admin area- ** -Table select for user_id- ** -Save current user in an additional table field (e.g. creator_user_id or similar- ) ** -Change token input field- *** -Remove from insert- *** -Show in grey text area after creation but keep the handy copy button- * Token list view ** -Add delete column (with JavaScript confirm)- ** -Add creator column- ** Sort and mark active tokens that are: *** -User User has to exist and be active- active *** -Valid to date has to be in future- *** -Not revoked- * Expiration date should be a number, 0 = no expiration * Column with information if token is useable (green) or not (red). Should be sortable * Button with delete invalid tokens