Feature #171

Implement login using a shared secret

Added by Patrick Stählin over 2 years ago. Updated 7 months ago.

Status:Closed Start date:10/12/2009
Priority:(P2) High Due date:
Assignee:Patrick Stählin % Done:

100%
Category:-
Target version:1.0-alpha2
Severity:Major
Story points-
Velocity based estimate-

Description

This should prevent applications from saving a users password.

Related issues

related to Feature #163: Secure the dSS Closed 10/12/2009
related to Feature #185: Allow the admin account to be unlocked by a PUK Rejected 10/14/2009
related to Bug #866: Check that the "nobody" user can't access internals of th... Assigned 05/25/2011

Associated revisions

Revision 94c60166
Added by Patrick Stählin about 1 year ago

Login implemented

Users of the JSON-API will need to call system/login?user=xxx&password=yyy
to use subscriptions.

References #171, #438

Revision 82502399
Added by Patrick Stählin 11 months ago

Passwordless login implemented

Closes #171

History

#1
Updated by Miguel Rodriguez over 2 years ago

  • Status changed from New to Assigned
  • Assignee set to Patrick Stählin
  • Target version set to 0.8.0-alpha1
  • Severity changed from Normal to Major

#2
Updated by Matthias Aebi almost 2 years ago

  • Target version changed from 0.8.0-alpha1 to 0.9.0-alpha1

Was always planned for 0.9

#3
Updated by Miguel Rodriguez over 1 year ago

  • Status changed from Assigned to Feedback
  • Priority changed from (P3) Normal to (P1) Urgent

Login is higher priority. Please specify idea behind share secret

#4
Updated by Miguel Rodriguez over 1 year ago

  • Priority changed from (P1) Urgent to (P2) High

#5
Updated by Patrick Stählin over 1 year ago

  • Assignee changed from Patrick Stählin to Miguel Rodriguez

The shared secret login is similar to a session with a token that never times out. If you're programming an application you don't want to store the users password anywhere, instead you're requesting a shared secret which you'll have to provide instead of username/password.

I'd say it's something we should consider implementing but not with high-priority.

#6
Updated by Miguel Rodriguez over 1 year ago

  • Target version changed from 0.9.0-alpha1 to 0.9.0-alpha3

#7
Updated by Miguel Rodriguez over 1 year ago

  • Status changed from Feedback to Assigned
  • Assignee changed from Miguel Rodriguez to Patrick Stählin

#8
Updated by Miguel Rodriguez over 1 year ago

  • Target version changed from 0.9.0-alpha3 to 0.9.0-alpha4

#9
Updated by Miguel Rodriguez about 1 year ago

  • Target version changed from 0.9.0-alpha4 to 0.9.0-alpha5

#10
Updated by Miguel Rodriguez about 1 year ago

  • Target version changed from 0.9.0-alpha5 to 1.0-alpha1

#11
Updated by Miguel Rodriguez 12 months ago

  • Target version changed from 1.0-alpha1 to 1.0-alpha2

#12
Updated by Patrick Stählin 11 months ago

  • % Done changed from 0 to 100

MR submitted

#13
Updated by Patrick Stählin 11 months ago

  • Status changed from Assigned to Closed

Also available in: Atom PDF