feat: Add guide for creating and authorizing sessions #36

Merged
merged 4 commits into from
Jan 18, 2023

dhudec (Contributor) commented Jan 18, 2023

Description

  • Adds Access Data Using Sessions guide
  • Adds content about sessions to Access Controls concept page
  • Fixes some related content on other pages

Relevant preview links:
Guide
Concept page

Testing required outside of automated testing?

  • Not Applicable

Screenshots (if appropriate):

  • Not Applicable

Rollback / Rollforward Procedure

  • Roll Forward
  • Roll Back

Reviewer Checklist

  • Description of Change
  • Description of outside testing if applicable.
  • Description of Roll Forward / Backward Procedure
  • Documentation updated for Change

@dhudec dhudec requested a review from a team as a code owner January 18, 2023 15:17

vercel bot commented Jan 18, 2023

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated |
| --- | --- | --- | --- | --- |
| developers-basistheory-com | ✅ Ready (Inspect) | Visit Preview | 💬 Add your feedback | Jan 18, 2023 at 10:08PM (UTC) |

- Your server-side endpoint should apply some form of authorization logic to ensure that sessions are only granted access to tokens that should be accessible to the authenticated user.
- Follow the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege). In particular, try to only grant `token:read` or `token:use` access to specific tokens using [conditions](/docs/api/applications#access-rule-conditions), and avoid granting access to entire containers of tokens.

## Read the Token
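
Review bot: The first bullet's "some form of authorization logic" leaves the actual check unstated, so a reader cannot tell what the endpoint is expected to verify. Consider saying what is compared, for example that the endpoint confirms each requested token belongs to the authenticated user before the session is authorized. In the second bullet, "try to only grant" reads as optional; "grant only `token:read` or `token:use` access to specific tokens" would state the least-privilege recommendation more firmly.
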
Contributor Author

I'm standing up a working example service and FE components to test this code on Android and web. Once I have this finished, I want to add more to this section to show how to retrieve the token in Web/Android/iOS(?) - not only showing curl.

There is a tradeoff here, because we want to show how to use the session on each platform, not steer readers towards bad practices like retrieving raw plaintext data in the frontend, but also not dive into all of reveal elements here, especially since Android and iOS are not finished and I can't show them yet.

amkera
amkera previously approved these changes Jan 18, 2023
bweber
bweber previously approved these changes Jan 18, 2023
@dhudec dhudec merged commit b634a73 into master Jan 18, 2023
@dhudec dhudec deleted the eng-4001 branch January 18, 2023 22:14
bt-platform-eng pushed a commit that referenced this pull request Jan 18, 2023
# [1.14.0](v1.13.0...v1.14.0) (2023-01-18)

### Features

* Add guide for creating and authorizing sessions ([#36](#36)) ([b634a73](b634a73))
@bt-platform-eng

🎉 This PR is included in version 1.14.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
