Log message #4019228

# At Username Text
# Apr 21st 2017, 14:05 Neon1024 I have a TokenAuth class I stole from somewhere
# Apr 21st 2017, 14:05 birdy247 a custom authenticator?
# Apr 21st 2017, 14:05 birdy247 it*
# Apr 21st 2017, 14:04 birdy247 Where do you check is?
# Apr 21st 2017, 14:04 Neon1024 If you wanted to salt your token I guess
# Apr 21st 2017, 14:04 Neon1024 You could use Security::hash()
# Apr 21st 2017, 14:04 Neon1024 No, I used php’s sha256() method :p
# Apr 21st 2017, 14:03 Neon1024 Or you could generate one as ADmad suggested using JWT, if you wanted some stuff in the token
# Apr 21st 2017, 14:03 birdy247 Did you make the logic for this yourself?
# Apr 21st 2017, 14:03 birdy247 and then it just checks this
# Apr 21st 2017, 14:03 Neon1024 Yep
# Apr 21st 2017, 14:03 birdy247 So the token is stored in my app's DB?
# Apr 21st 2017, 14:03 Neon1024 We require a few other fields too with each request
# Apr 21st 2017, 14:03 Neon1024 Just pass a token in the header then :)
# Apr 21st 2017, 14:02 birdy247 neither
# Apr 21st 2017, 14:02 birdy247 I'm just after something simple
# Apr 21st 2017, 14:02 Neon1024 Depends really, my stuff doesn’t need to be super duper secure
# Apr 21st 2017, 14:02 Neon1024 I just wanted to be able to expire a token after a few months, so if someone gave it away it could be changed without impacting the consuming client
# Apr 21st 2017, 14:01 Neon1024 But there is stuff like OAuth too, such as Facebook and Twitter etc
# Apr 21st 2017, 14:01 Neon1024 birdy247, Usually a header and token is pretty standard
# Apr 21st 2017, 14:00 Neon1024 I’d need to implement it in a branch really and see how I feel about it
# Apr 21st 2017, 14:00 Neon1024 To give them a token to use, which you can sign and expire
# Apr 21st 2017, 14:00 Neon1024 Yeah, but I thought that the token workflow meant you need an OAuth style auth process
# Apr 21st 2017, 14:00 birdy247 but what is generally considered a nice way of requiring authentication to use the API
# Apr 21st 2017, 13:59 admad jwt is just a fancier token :P
# Apr 21st 2017, 13:59 birdy247 I need to do a bit of research
# Apr 21st 2017, 13:59 Neon1024 But with no token issuer endpoint
# Apr 21st 2017, 13:59 Neon1024 Yes
# Apr 21st 2017, 13:59 admad so basically simple token based auth
# Apr 21st 2017, 13:59 Neon1024 Bit dirty really
# Apr 21st 2017, 13:59 Neon1024 We use a sha which we pass as a header
# Apr 21st 2017, 13:59 admad trade secret
# Apr 21st 2017, 13:59 Neon1024 Er, well, you know the thing about that is
# Apr 21st 2017, 13:58 Neon1024 Hah
# Apr 21st 2017, 13:58 Neon1024 Which is kinda unavoidable really, and is better
# Apr 21st 2017, 13:58 birdy247 How do you auth?
# Apr 21st 2017, 13:58 Neon1024 I’m not sure I like the two step authentication
# Apr 21st 2017, 13:58 Neon1024 birdy247, No, I’m still undecided on that atm
# Apr 21st 2017, 13:57 birdy247 Do you use JWT Neon1024?
# Apr 21st 2017, 13:57 styks198- https://gist.github.com/styks1987/437f16e1fd290832eff28e171e46ef15
# Apr 21st 2017, 13:57 styks198- having a bit of an issue with saving. Can anyone help me out and look at this little snippet to determine why tracking_code is not saving?