define how to gain access to real openwhyd data from the react app?

[adrienjoly]

possibilities:

• cross-subdomain cookie,
• mirroring script,
• jwt.io,
• oauth api...

[mauricesvay]

oAuth sounds like a good idea.

[adrienjoly]

Thanks for sharing your recommendation, @mauricesvay!

Have you ever added oAuth to a back-end server? Or do you know anyone who would be willing to help us doing this?

For reference, this issue is connected to openwhyd/openwhyd#55

[adrienjoly]

Also, I'm guessing that using oAuth means that we need to modify the code of all our existing API endpoints, so that they accept tokens additionally to cookies. 😰

I'd be really interested in reading about auth solutions (or patterns) that would have a minimal impact on the code of existing API endpoints.

[mauricesvay]

I'm sorry, but I don't have much experience on the backend. I've only implemented oAuth2 clients.
I guess you could write a middleware for API endpoints that checks for oAuth2 tokens.

[adrienjoly]

Yes, I can imagine a proxy bound to api.openwhyd.org, that would handle OAuth and wrap existing API endpoints from openwhyd.org by turning OAuth session into Cookie sessions.

Not a perfect solution, but would prevent causing bugs on openwhyd.org, while enabling and experimenting OAuth quickly, imo.

[SkinyMonkey]

A proxy solution sounds better.

I'll tinker that this afternoon i think :)

[adrienjoly]

@SkinyMonkey I believe that you have a working node.js client for Openwhyd's current back-end. Would you mind sharing a URL to its code here?

[adrienjoly]

Reminder: until we setup something like OAuth, it's still possible to fetch playlists from any domain, using our public JSON API.

[adrienjoly]

Also, see openwhyd/openwhyd#194 for more info about using react to build a mobile app, or responsive web app.