Support more granular access rights via the multisite_account.json auth_key mechanism #215

Open
tanius opened this issue Sep 23, 2019 · 0 comments
tanius commented Sep 23, 2019

We now have an API for remote creation of Discourse accounts on our SSO provider site (docs). It uses a shared secret called auth_key to control access, which is basically another type of API key, only for this API endpoint.

At some time, we want this mechanism to provide more granular access to this API endpoint than just "yes" or "no". There would be multiple auth_keys in parallel, and they would differ as follows:

  • Description. Just a note in the configuration file to remind the admin which client uses this key. Allows deleting the right key in case of spam issues :-)

  • Site access. A list of Discourse Communities sites on which accounts can be created using this auth_key.

  • Expiration date. Allows limiting auth_key validity to, for example, the period of a social media campaign where it is used.

  • Max. spam user count. Will expire the auth_key when more than the given number of spam users have been created with it.

  • Max. spam user percentage. As above, but using a percentage rather than an absolute number. Will only be evaluated from a certain number of accounts created with this key (say, 30).

@tanius tanius added the later label Sep 23, 2019
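
A sketch of how the per-key checks listed in this issue could be evaluated on each request, added here as an example and not code from the project. All JSON field names, the sample keys and sites, and the `secure_eq?` and `authorize` helpers are hypothetical.

```ruby
require 'json'
require 'date'

# Constructed sample entries; every field name is hypothetical, not the project's schema.
SAMPLE_KEYS = JSON.parse(<<~CONFIG)
  [
    {"auth_key": "k-campaign-constructed", "description": "Campaign landing page",
     "sites": ["community-a.example"], "expires_on": "2019-12-31",
     "max_spam_users": 5, "max_spam_percent": null},
    {"auth_key": "k-partner-constructed", "description": "Partner signup form",
     "sites": ["community-a.example", "community-b.example"], "expires_on": null,
     "max_spam_users": null, "max_spam_percent": 20}
  ]
CONFIG

MIN_ACCOUNTS_FOR_PERCENT = 30 # the issue's "say, 30"

# Compare secrets without stopping at the first differing byte.
def secure_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# stats maps auth_key => { created:, spam: } counts of accounts made with that key.
# Returns [allowed, reason].
def authorize(keys, presented, site, stats, today: Date.today)
  key = keys.select { |k| secure_eq?(k["auth_key"], presented.to_s) }.first
  return [false, :unknown_key] unless key
  return [false, :site_not_allowed] unless key["sites"].include?(site)
  if key["expires_on"] && today > Date.iso8601(key["expires_on"])
    return [false, :expired]
  end
  s = stats.fetch(key["auth_key"], { created: 0, spam: 0 })
  if key["max_spam_users"] && s[:spam] > key["max_spam_users"]
    return [false, :spam_count_exceeded]
  end
  # The percentage limit only applies once enough accounts exist to be meaningful.
  if key["max_spam_percent"] && s[:created] >= MIN_ACCOUNTS_FOR_PERCENT &&
     s[:spam] * 100 > key["max_spam_percent"] * s[:created]
    return [false, :spam_percent_exceeded]
  end
  [true, :ok]
end
```

Returning a reason alongside the decision lets the endpoint log why a key was refused, which is what an admin needs when deciding whether to delete it.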