Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider alternatives to Authorization header to simplify client implementation #2

Open
cqr opened this issue Aug 28, 2019 · 1 comment
Open

Consider alternatives to Authorization header to simplify client implementation #2

cqr opened this issue Aug 28, 2019 · 1 comment

Comments

@cqr
Copy link
Member

cqr commented Aug 28, 2019

No description provided.

@mahemoff
Copy link

mahemoff commented Aug 31, 2019
edited
Loading

I like the idea of supporting private feeds with a "secure" random URL, since many apps and hosts already support them. One downside of this is that every new user adds a new feed to be fetched, which adds more bloat and fetching requirements.

To get best of both worlds, it may be possible to embrace canonical links. Private feed URLs (e.g. https://example.com/amazing-show?id=hard-to-guess) could then link to a canonical feed (e.g. https://example.com/amazing-show), which is accessed by any valid token, as proposed in #9.

This means bearer token auth doesn't even have to be mandated in the initial version of the spec. It makes PodPass more of an extension of the existing private URL convention, but later on could add token support via canonical links and the multi-token access proposed in #9.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mahemoff @cqr