greptilian logo

IRC log for #rest, 2015-03-05

https://trygvis.io/rest-wiki/

| Channels | #rest index | Today | | Search | Google Search | Plain-Text | plain, newest first | summary

All times shown according to UTC.

Time S Nick Message
00:02 vanHoese_ joined #rest
00:33 proteusguy joined #rest
01:02 shrink0r joined #rest
01:16 shrink0r_ joined #rest
01:57 huckleberry78 joined #rest
02:15 fumanchu joined #rest
02:28 SlippinJimmy joined #rest
04:11 lemur joined #rest
07:16 fumanchu_ joined #rest
07:41 _ollie joined #rest
09:00 azr joined #rest
09:21 interop_madness joined #rest
10:12 shrink0r joined #rest
10:20 azr joined #rest
10:26 Left_Turn joined #rest
10:38 vanHoesel joined #rest
11:09 vanHoesel joined #rest
11:23 proteusguy joined #rest
11:50 Karthi joined #rest
11:51 Karthi Hi i want to know how to make a secondary webserverice url in app ?
11:52 Karthi left #rest
12:13 vanHoesel joined #rest
13:10 azr joined #rest
13:15 mezod joined #rest
13:19 jsys joined #rest
13:19 jsys Folks how should an endpoint behave for *generating* tokens
13:19 jsys I pass user/pass (or other auth info) and get back token id
13:19 jsys I browsed and browsed various APIs, they all do it differently.
13:21 trygvis those APIs are probably not RESTful :)
13:23 pdurbin jsys: we send back the token when the user is created. see http://irclog.greptilian.com/rest/2015-01-09#i_90891
13:25 jsys pdurbin: thanks. My tokens expire and have limited scope so when I create a user I return an id, and then have a separate resource collection for tokens. Or such is the plan at least
13:25 trygvis that's one way to do it
13:25 jsys I'm not sure what to call them.
13:25 jsys Some call the resources /tokens but... a token is the *id* not the *payload
13:25 trygvis why does your token expire?
13:25 jsys I mean that's not proper english :P
13:26 trygvis don't worry, nobody cares about the URL anyway
13:26 jsys I care because this is a communication issue.
13:26 ironChicken jsys: < POST /session  application/json {"username":"..","password":".."}
13:26 jsys I mean I could also call it /passwords and that would be confusing.
13:26 jsys And so /tokens is also kinda misleading.
13:26 jsys But I don't know what to call that resource
13:27 trygvis I don't understand what you're trying to do
13:27 ironChicken jsys: > 201 Created; Location: /session/24395645 application/javascript {"id":"24395645",...}
13:27 jsys trygvis: find a proper name for a resource, whose payload is "this user with those permissions" and its id is "the token used to authorize actions"
13:28 trygvis ironChicken: why would you do that if you already have a username and password? just use HTTP's built-in authentication?
13:28 jsys ironChicken: ok so you cll it "session"
13:28 trygvis jsys: no, why do you need to create these tokens in the first place?
13:28 jsys trygvis: what's the alternative
13:28 trygvis creating sessions like that is not only bad REST, it is bad HTTP
13:29 trygvis and bad architecture
13:29 jsys trygvis: what's the alternative
13:29 nkoza joined #rest
13:29 trygvis just send the username and password in every request
13:29 jsys trygvis: that is obviously impossible.
13:29 trygvis why?
13:29 jsys trygvis: lets imagine a web client, the user signs in once. Where would the web client stuff the password, in plain text, so it can keep passing it to the services?
13:30 trygvis you can do as pdurbin said and replace a username/password with a persistent token, but you'd still use http auth to send it
13:30 jsys So we're baxk where we started :P
13:30 jsys What is the name of a resource whose id is a token and its payload is credentials for a user?
13:30 trygvis where do you expect to put this "token" you're talking about?
13:31 jsys trygvis: put it?
13:31 trygvis "put" as in "store"
13:31 jsys trygvis: in the session
13:31 jsys trygvis: however this is why it expires and has limited scope
13:31 jsys trygvis: while the password doesn't
13:31 trygvis uhm, "session"?
13:32 trygvis you're not making sense
13:32 jsys trygvis: the web client has a session with the user. What's confusing about this.
13:32 trygvis are you talking about a browser or a program?
13:32 jsys web client = site
13:32 jsys But nothing changes with a program
13:32 trygvis and by "site" you mean?
13:32 ironChicken i love the way debates in this channel and so high level
13:33 jsys ironChicken: so high level I have to explain what a "site" is :P
13:33 * jsys gives up
13:33 trygvis a site is normally a term used for a server of sorts, so I am really confused
13:34 jsys trygvis: if you have a service and some client consumes it, if I say "iOS client" I mean an iOS app that talks to the service; If I say "web client" I mean a web site that talks to the service.
13:35 trygvis as in a http server that does another http call to another service on behalf of a browser?
13:35 jsys Rght
13:35 jsys right
13:37 trygvis rest and http mainly conserns itself about communication between a single client and a single (origin) server, not client -> server -> server
13:39 jsys trygvis: I can also do an HTTP call directly via AJAX, nothing changes
13:39 jsys trygvis: the fact the a service *client* is also a web site *server* is not important. But it has to be something. An app, a site, something.
13:40 jsys Anyway I'll just call it "tokans"
13:40 jsys Heh, or rather.. "tokens"
13:44 vanHoesel joined #rest
13:48 trygvis maybe in your world, but this is REST and does certain assumptions
13:49 autrilla joined #rest
13:50 autrilla I have a set of different embedded devices, and I want them to send information to my server, possibly via HTTP and RESTful web service. To what URL should each device post? Something like /device_id? Or maybe /device_type/device_id?
13:51 jsys trygvis: well my choice is more REST than any other API I saw today.
13:51 jsys trygvis: very API had no clue what their "resources" are.
13:51 jsys trygvis: every*
13:52 jsys Mine's simple:  TokenPayload identified by TokenId under /tokens/
14:03 trygvis jsys: the URL is supposed to be opaque. what is important is how the user discovers the URL
14:04 trygvis if you want to try to follow how RESTful architectures is supposed to be that is
14:34 azr_ joined #rest
15:11 autrilla_ joined #rest
15:20 azr joined #rest
15:22 mgomezch joined #rest
15:23 vanHoesel joined #rest
15:42 vanHoesel joined #rest
15:45 interop_madness joined #rest
15:49 azr joined #rest
16:16 seanbrant joined #rest
16:22 seanbrant As I need a resource that fetches async a remote list of repositories from say Github. Does this API make sense? https://gist.github.com/seanbrant/2c659e872dfe9788f8f2
16:28 fumanchu_ yes, but I would recommend 201 instead of 202
16:28 fumanchu_ let the "status" indicate the async nature
16:30 fumanchu_ that is: you did create a new resource; just because it isn't at its final state doesn't mean it doesn't exist
16:32 lemur joined #rest
16:41 seanbrant fumanchu_: makes sense
16:45 azr joined #rest
17:00 lemur joined #rest
17:11 azr joined #rest
17:12 autrilla joined #rest
17:34 igitoor joined #rest
17:45 igitoor joined #rest
17:57 warehouse13 joined #rest
18:16 Mxyzpltk joined #rest
18:20 mezod joined #rest
18:22 azr joined #rest
19:04 SupaHam joined #rest
19:23 fragamus joined #rest
19:48 shrink0r joined #rest
20:06 autrilla_ joined #rest
20:15 dreamdust joined #rest
20:17 ralphschindler joined #rest
20:22 dreamdust joined #rest
20:37 Mxyzpltk joined #rest
21:25 pgicxplzs joined #rest
21:31 autrilla_ I have a set of different embedded devices, and I want them to send information to my server, possibly via HTTP and RESTful web service. To what URL should each device post? Something like /device_id? Or maybe /device_type/device_id?
21:35 mgomezch joined #rest
21:35 whartung autrilla_: a) doesn't matter. That said, b) what are they POSTing?
21:38 autrilla_ whartung, it depends on the device. For example, temperature probes would post temperatures
21:43 autrilla_ Other things could be sent too, for example the speed of a fan, the percentage of a window that's open, stuff like that
21:45 Mxyzpltk joined #rest
21:55 Mxyzpltk joined #rest
21:57 shrink0r_ joined #rest
22:05 _ollie joined #rest
22:07 autrilla joined #rest
22:16 Mxyzpltk joined #rest
22:56 Mxyzpltk joined #rest
23:13 Mxyzpltk joined #rest
23:22 htowngangsta joined #rest
23:51 shrink0r joined #rest

| Channels | #rest index | Today | | Search | Google Search | Plain-Text | plain, newest first | summary

https://trygvis.io/rest-wiki/