-
-
Notifications
You must be signed in to change notification settings - Fork 337
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Introduce Service Accounts #1217
Comments
Question about regenerating keys. Firstly, creating a new service account + deleting old is not equivalent to regenerating, because the existing account could have been manually added to certain documents, or mentioned in certain access rules. If we support regenerating the secret key and associating it with the existing service account, should we support a grace period when both keys work? For example, Stripe offers this option. Stripe calls it "Rolling API Key", it's documented here: https://docs.stripe.com/keys#rolling-keys. At the time of regenerating a new key, you get to specify expiration for the previous one, which could be "Now" or after a certain time. Asking this now, because if we need to support two secret keys for the same service account, this may affect the schema. |
Just let you know mocks are linked to the ticket #1218 ( style work in progress) but close to the final version https://www.figma.com/design/wcpetFt6aOKzTszcvPPWLQ/%5B05%2F24%5D-Grist-Design?node-id=2353-78236&t=HI191FPx7W2TTbxS-1 |
I would say no, especially since SCIM (#1199) will provide a nicer way for another app or service to CRUD users progamatically ? But I haven't thought about it too hard so I am interested in hearing what others think |
Describe the problem to be solved
Following up on #579, @paulfitz @hexaltation @jonathanperret and I sat down to outline a solution to the more granular API keys feature request. Here is what we discussed :
Describe the solution you would like
We offer to introduce the concept of "Service accounts", partly inspired by what GCP is doing
At a high level, a service account is just like a regular user in Grist -- it can be added to any number of documents, workspaces, or orgs. ACL apply to this user and it has its own API key.
Service account lifecycle
UI/UX considerations
Technical considerations
sa-{team-site}-{uuid}@getgrist.com
Here are the concrete next steps we agreed on :
The text was updated successfully, but these errors were encountered: