IRC log for #rest, 2016-11-28

https://trygvis.io/rest-wiki/

← Previous day | Channels | #rest index | Today | Next day → | Search | Google Search | Plain-Text | plain, newest first | summary

All times shown according to UTC.

Time	S	Nick	Message
07:12			_ollie joined #rest
07:46			_ollie joined #rest
09:21			Tomatosoup- joined #rest
09:52			marcv joined #rest
10:10		marcv	Hello. In my (oauth-protected) REST API, I want to give users the possibility to change their password. A PATCH sent to /users/{id} is ok, but for something so sensitive as modifying a password, I think maybe it would be good to not rely on an oauth token in this specific case, but ask the user for their current credentials. Is it a good idea to ask for the current password in a custom http header for instance?
10:10		marcv	I would use HTTP Basic authentication for this specific request, but I cannot target only this one, I would have to apply it to every PATH sent to /users/{id}
10:10		marcv	PATCH, sorry
12:04		pdurbin	on the right track to require more than the oauth token
13:10			marcv joined #rest
13:31			fuzzyhorns joined #rest
13:46			ShekharReddy joined #rest
16:01			`0660 joined #rest
16:02			igitoor joined #rest
16:15			igitoor joined #rest
16:15			tbsf joined #rest
16:28			ghostlight joined #rest
17:01			tbsf joined #rest
17:03			tbsf joined #rest
17:31			ShekharReddy joined #rest
17:33			Tomatosoup- joined #rest
17:45			wsieroci joined #rest
18:08			_ollie joined #rest
18:13			ShekharReddy joined #rest
19:23			tbsf joined #rest
19:27			tbsf joined #rest
19:40			wsieroci joined #rest
22:53			fuzzyhorns joined #rest

← Previous day | Channels | #rest index | Today | Next day → | Search | Google Search | Plain-Text | plain, newest first | summary

https://trygvis.io/rest-wiki/