| Time |
S |
Nick |
Message |
| 01:29 |
|
|
fumanchu_ joined #rest |
| 01:38 |
|
|
TeddyMurray joined #rest |
| 01:54 |
|
|
shrink0r joined #rest |
| 02:37 |
|
pdurbin |
it's interesting |
| 02:48 |
|
|
talios joined #rest |
| 02:50 |
|
|
talios joined #rest |
| 03:10 |
|
|
lemur joined #rest |
| 04:04 |
|
|
shrink0r joined #rest |
| 05:10 |
|
|
tr3online joined #rest |
| 06:39 |
|
|
_ollie joined #rest |
| 07:40 |
|
|
adaro joined #rest |
| 07:48 |
|
|
dEPy joined #rest |
| 08:12 |
|
|
TeddyMurray joined #rest |
| 08:47 |
|
|
azr joined #rest |
| 10:38 |
|
|
shrink0r joined #rest |
| 10:47 |
|
|
Left_Turn joined #rest |
| 10:51 |
|
|
zw joined #rest |
| 10:51 |
|
zw |
Hi |
| 10:51 |
|
zw |
Small question, does anyone know a good tool (macos) to test/talk to rest API's ? |
| 10:52 |
|
pdurbin |
zw: I use this one: rest-assured - Java DSL for easy testing of REST services - Google Project Hosting - https://code.google.com/p/rest-assured/ |
| 10:52 |
|
zw |
Ok thank you |
| 10:53 |
|
pdurbin |
if you just want to talk (not test) you could use the "requests" package and http://ipython.org/notebook.html |
| 10:54 |
|
zw |
K, thanks for the tip ! |
| 10:55 |
|
|
azer_ joined #rest |
| 11:01 |
|
trygvis |
pdurbin: hm, rest-assured seems useful |
| 11:11 |
|
pdurbin |
I like it. I use it at https://github.com/IQSS/dataverse-apitester |
| 11:13 |
|
|
azer_ joined #rest |
| 11:14 |
|
pdurbin |
yesterday I got the impression that https://pytest.org can be used for REST APIs: http://irclogs.jackgrigg.com/irc.freenode.net/openhatch/2015-03-19#i_3599620 |
| 11:15 |
|
trygvis |
but it would be nice with something that understands your media type |
| 11:16 |
|
pdurbin |
couldn't hurt |
| 11:17 |
|
|
vanHoesel joined #rest |
| 11:55 |
|
|
Doc-Sain1ly joined #rest |
| 11:56 |
|
Doc-Sain1ly |
If a REST service is protected, is it common practice to force the user to log in before giving access to the API, or do the API calls forward to the login somehow? |
| 11:57 |
|
trygvis |
that would be specified by the REST application |
| 11:58 |
|
trygvis |
but normally you'd use the standard HTTP codes to indicate the result to the client |
| 11:58 |
|
trygvis |
a 403 can include an authentication form |
| 12:09 |
|
pdurbin |
Doc-Sain1ly: related: http://irclog.greptilian.com/rest/2015-03-05#i_99926 |
| 12:16 |
|
Doc-Sain1ly |
pdurbin: I don't quite follow. These are basically the same arguments I'm having with myself |
| 12:16 |
|
Doc-Sain1ly |
So yea, I could just pass the user/pass in plaintext via SSL each time, but that doesn't work well with 3rd party providers |
| 12:16 |
|
pdurbin |
yeah. comes up from time to time |
| 12:16 |
|
Doc-Sain1ly |
so we're down to using a token. |
| 12:17 |
|
Doc-Sain1ly |
so this token, do I ignore everything until they do myrest/login/ and post their token, or do I do something more helpful with all the REST calls (i.e. forward to the auth page) |
| 12:19 |
|
pdurbin |
right now we return the token when you create an account. would be good to validate their email first |
| 12:19 |
|
Doc-Sain1ly |
agreed. I'm sort of ignoring the registering part though. |
| 12:20 |
|
Doc-Sain1ly |
I'm assuming they already have an account, and now they need to log in to the service. |
| 12:20 |
|
pdurbin |
ah. ok |
| 12:21 |
|
Doc-Sain1ly |
so, I'm curious how poeple "get them logged in" |
| 12:22 |
|
pdurbin |
the normal way |
| 12:22 |
|
Doc-Sain1ly |
mm, I think it's starting to come together. So no matter what, we would pass the token to the REST service each time - yes? |
| 12:22 |
|
pdurbin |
yeah |
| 12:22 |
|
Doc-Sain1ly |
so it's not really the concern of the REST service how the user/client gets the token |
| 12:23 |
|
Doc-Sain1ly |
and you avoid the session/cookie by hanging on to that token on the client side until it expires (which the rest service would notify you of) |
| 12:23 |
|
pdurbin |
again, we return the token at registration (possible via the API). maybe we shouldn't |
| 12:24 |
|
Doc-Sain1ly |
but aside from regisration - once they login from another device, they'll need to get the token again |
| 12:24 |
|
pdurbin |
sure will |
| 12:24 |
|
trygvis |
why can't you use the username/password on every request? |
| 12:25 |
|
pdurbin |
and 44c3582d-1bae-4421-a01d-b3a27eaed254 or whatever is a lot to type on a phone :) |
| 12:25 |
|
Doc-Sain1ly |
trygvis: if I want to support google login or something, I can't exactly do that. |
| 12:25 |
|
pdurbin |
trygvis: you could. but look out for firesheep. use https :) |
| 12:25 |
|
Doc-Sain1ly |
It's slowly... slowly coming together |
| 12:26 |
|
Doc-Sain1ly |
so, when I'm making a REST service (in any language) the logic code of the specific call doesn't handle the authentication, the framework around it does |
| 12:26 |
|
Doc-Sain1ly |
and it will be looking in the headers for the token or whichever authentication method has been implemented |
| 12:28 |
|
pdurbin |
assuming you're using a framework |
| 12:28 |
|
trygvis |
right, that kind of third party |
| 12:29 |
|
trygvis |
then you'll probably have to hard-code something for every identity partner, like you have in an html app |
| 12:30 |
|
trygvis |
we did that for our android and ios app |
| 12:30 |
|
trygvis |
on android you can integrate with the build-in accounts stuff so we could get some google token from android directly |
| 12:30 |
|
pdurbin |
trygvis: so on android people log into your app via their google account? |
| 12:35 |
|
Doc-Sain1ly |
I'm playing in the .NET WebApi2 environment |
| 12:35 |
|
|
interop_madness joined #rest |
| 12:37 |
|
pdurbin |
sounds like a framework |
| 12:38 |
|
Doc-Sain1ly |
indeed. |
| 12:38 |
|
trygvis |
pdurbin: yes, via the only you already have registered on your phone |
| 12:38 |
|
Doc-Sain1ly |
I think the problem is a lot of the articles I read assume a certain level of knowledge on each of these topics |
| 12:39 |
|
pdurbin |
trygvis: or one of the multiple google accounts some people (like me) have on their phones, presumably |
| 12:39 |
|
trygvis |
the selector is built IIRC in so I think we just ask the phone for "an account" |
| 12:40 |
|
pdurbin |
makes sense |
| 12:40 |
|
pdurbin |
trygvis: I'd like to add this to https://github.com/IQSS/dataverse-android ... the ability to log in to our app via the API using one's Google account. Any pointers? Is this all with OAuth? |
| 12:42 |
|
pdurbin |
right now that Android app doesn't log in... it only uses a public Search API |
| 12:44 |
|
pdurbin |
Doc-Sain1ly: that's what this channel is for :) |
| 12:47 |
|
Doc-Sain1ly |
I'll be spending some time here then :D |
| 12:47 |
|
Doc-Sain1ly |
Is it acceptable to ask specific questions and post source code? |
| 12:48 |
|
Doc-Sain1ly |
I understand it's not a .net support channel, but it's often the theory behind it I'm unsure of |
| 12:48 |
|
pdurbin |
sure. I like http://danceb.in or https://gist.github.com |
| 12:51 |
|
Doc-Sain1ly |
Cool. Well, thanks so much for the help so far. Need to let my brain unwind a bit and then I'll take another crack at it |
| 12:52 |
|
trygvis |
pdurbin: ask me next week and I can try to give you some source code |
| 12:52 |
|
trygvis |
our app is closed source for now |
| 12:52 |
|
pdurbin |
trygvis: pull requests welcome! ;) |
| 12:52 |
|
pdurbin |
I'll ask next week. Thanks. |
| 14:23 |
|
|
mezod joined #rest |
| 14:52 |
|
|
jackalista joined #rest |
| 14:57 |
|
|
mgomezch joined #rest |
| 15:01 |
|
|
mgomezch_ joined #rest |
| 15:31 |
|
|
tr3online joined #rest |
| 16:03 |
|
|
fumanchu joined #rest |
| 16:45 |
|
|
_ollie joined #rest |
| 16:45 |
|
|
lemur joined #rest |
| 17:16 |
|
|
adaro joined #rest |
| 17:28 |
|
|
jcromartie joined #rest |
| 17:37 |
|
|
shrink0r joined #rest |
| 18:21 |
|
|
begriffs joined #rest |
| 18:46 |
|
|
whartung joined #rest |
| 18:52 |
|
|
Doc-Saintly joined #rest |
| 18:54 |
|
|
vanHoesel joined #rest |
| 19:04 |
|
|
hackel joined #rest |
| 19:39 |
|
|
shrink0r joined #rest |
| 19:46 |
|
|
jcromartie joined #rest |
| 19:50 |
|
|
Doc-Saintly joined #rest |
| 19:51 |
|
|
bigbluehat joined #rest |
| 20:10 |
|
|
ekroon joined #rest |
| 20:16 |
|
|
imanc_ joined #rest |
| 20:55 |
|
ramsey |
bigbluehat: Not sure if you saw my PMs, so poking you here to let you know I sent you PMs. :-) |
| 20:57 |
|
|
jaawerth left #rest |
| 22:26 |
|
|
jcromartie joined #rest |
| 23:38 |
|
|
fumanchu_ joined #rest |
