Implement "PAT Token" for API access #360

Open
ravisuhag opened this issue Sep 24, 2023 · 0 comments
@ravisuhag
Member

Currently, Frontier provides various authentication mechanisms for users and applications, such as social logins, API keys, and OAuth tokens. However, we have identified a need for a new authentication method called "PAT Token" (Personal Access Token) to enhance security and usability for our users.

Problem Statement:
Our users often require programmatic access to our platform, and while API keys are available, they may not be suitable for all use cases. Personal Access Tokens (PATs) are a common and user-friendly way to provide secure access for automation and third-party applications.

Proposed Solution:
We propose implementing the "PAT Token" feature, which will allow users to generate and manage Personal Access Tokens within their IAM accounts. These tokens can then be used for various purposes, including API authentication, script automation, and integration with third-party applications.

Functional Requirements:

  • Token Generation: Users should be able to generate PATs from their account settings.
  • Token Management: Users should have the ability to view, regenerate, and revoke their PATs.
  • Token Scopes: PATs should support fine-grained access control by allowing users to specify the scope of permissions granted to the token.
  • Token Expiry: PATs should have configurable expiration dates to enhance security.

Security Considerations:

  • Tokens must be securely stored and transmitted.
  • The generation of tokens should be logged and audited for security purposes.
  • Token revocation should be immediate and effective.

User Interface:
We need to design an intuitive user interface within the IAM platform that allows users to manage their PATs easily.

Testing:
Comprehensive testing, including unit tests, integration tests, and security testing, should be conducted to ensure the feature works as expected and does not introduce any security vulnerabilities.

Documentation:
User documentation should be provided to guide users on how to generate, manage, and use PATs effectively.

Acceptance Criteria:

  • Users can generate PATs from their account settings.
  • Users can view, regenerate, and revoke PATs.
  • PATs support configurable scopes and expiration dates.
  • Security considerations are addressed, and tokens are properly secured.
  • Comprehensive testing is completed.
  • User documentation is available.

Additional Information:

This feature will greatly enhance the usability and security of our IAM platform, making it more appealing to users who require programmatic access to their accounts. It will also align our platform with industry best practices for authentication and authorization.

@ravisuhag ravisuhag moved this to 2023 Q2 in Roadmap Sep 24, 2023
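
The token requirements listed in the issue (scopes, expiry, secure storage, immediate revocation), sketched in Go as an added example that is not Frontier's code. `PAT`, `Store`, the `pat_` prefix and the `projects:read` scope are hypothetical names, and the in-memory map stands in for a real database.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"time"
)

// PAT is the stored record; Store (hypothetical, in-memory) is keyed by
// SHA-256(token), so the plaintext token is never kept server-side.
type PAT struct {
	Scopes  map[string]bool
	Expires time.Time
}
type Store map[[32]byte]PAT

// Issue returns the plaintext token exactly once, for display to the user.
func (s Store) Issue(now time.Time, ttl time.Duration, scopes map[string]bool) (string, error) {
	raw := make([]byte, 32) // 256 bits from the OS CSPRNG
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	token := "pat_" + base64.RawURLEncoding.EncodeToString(raw)
	s[sha256.Sum256([]byte(token))] = PAT{Scopes: scopes, Expires: now.Add(ttl)}
	return token, nil
}

// Revoke deletes the record, so the very next Authorize call fails.
func (s Store) Revoke(token string) { delete(s, sha256.Sum256([]byte(token))) }

// Authorize fails closed on unknown/revoked, expired or out-of-scope tokens.
func (s Store) Authorize(token, scope string, now time.Time) error {
	p, ok := s[sha256.Sum256([]byte(token))]
	switch {
	case !ok:
		return fmt.Errorf("unknown or revoked token")
	case !now.Before(p.Expires):
		return fmt.Errorf("token expired")
	case !p.Scopes[scope]:
		return fmt.Errorf("scope not granted")
	}
	return nil
}

func main() {
	s, now := Store{}, time.Now()
	tok, _ := s.Issue(now, time.Hour, map[string]bool{"projects:read": true}) // constructed scope
	fmt.Println(s.Authorize(tok, "projects:read", now), s.Authorize(tok, "projects:write", now))
}
```

An unsalted SHA-256 digest is adequate here only because the token is 256 bits of CSPRNG output. A production store would also keep a token ID for the management UI and write an audit record on issue and revoke.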
Projects
Status: 2024