Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Designing authorization policies
See original GitHub issueI’m submitting a
- feature request.
Current Behaviour:
Currently, the users can be registered only by the server creator using add_user function, so there is no option to extend the user base of the API.
Expected Behaviour:
The users will be able to register themselves on the API using a /serverapi/register URL by posting their credentials and would be able to access the resources.
Steps to reproduce:
Introduce a Resource class mapping to the url /API_NAME/register with an allowed POST method, which shall call the already built add_user function to register the user.
Do you want to work on this issue?
yes
Issue Analytics
- State:
- Created 6 years ago
- Comments:13 (13 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I see some misunderstanding in the scope and the scenarios that hydrus has to tackle.
Please always consider that the “users” of the API we are talking about when speaking of Hydra are automated clients. Hydra is primarily a technology to make automated agents to exchange data, so everything in hydrus should be designed with this as primary constraint. “Users” (aka other machines in the same APIs network) would be registered at deploy time. Nobody should be allowed to register dynamically as it would be a security flaw in the network. The “User Defined Controls” task is in the same scope: having a list of machines allowed in the network, which machines are allowed to access which endpoints?
Please always refer to the domain we are tackling. Hydra is not a front-end or business-to-consumer technology; all the needs of this kind have to be addressed by other layers beyond the “API network layer” we are working on at this moment.
Briefly, Hydra’s developer/engineers that wants to build an infrastructure/architecture are our “customers”, not the final users/clients that needs to access the data. Providing a front-end (in the sense of a layer facing external end-users) is part of the general layout of the infrastructure that is up to the engineers to decide and implement (maybe using hydrus itself, but it is something that is outside of the reach of the tools we are developing).
@Mec-iS Thanks for clearing that out…will keep in mind from now. Also I am preparing a proposal for
Adding user based controlsand I wish to also incorporate authentication using OAuth in that, so if you can give any suggestions or any specifications for the same…it would be really helpful. Thanks in advance…!!