vivainio / authorizr Goto Github PK

We want to enable partial offline operation (e.g. every 5 uses, do the web request).

/consume should take an agument "count=N" that reduces N tries from the quota

Currently, we just create random UID. We need to change this to be user configurable (e.g. my_app_cred_id).

Add prefilled cred templates as "examples", e.g. by having a combobox to prefill the fields.

Get template values from "sanction" example

Use case: allow playing a game for 1000 seconds, in arbirtary number of sessions.

Implementation: on calling POST /sub/consume/, add argument that indicates the duration of previous session in seconds. Response returns how many seconds you have left.

For (cheaper) scalability, we should use S3 to serve media files. I created a snapshot of media files at a (free plan) s3 area:

E.g. these work

https://s3-eu-west-1.amazonaws.com/authorizr/media/img/glyphicons-halflings-white.png

Django admin:

https://s3-eu-west-1.amazonaws.com/authorizr/media/admin/css/base.css

We should at least support twitter w/ oauth1. Probably should use python-oauth2 library for this

Check some other way whether you should use localhost as server

Analyze performance with unpaid heroku account. Consider whether we need 1 or more dynos (and only pay for the database).

Admin screens don't need to be benchmarked

We should use "credits" throughout the service instead of "count" (with T&B, one "try" consumes 1 credit, or 1 credit could be 1 second for time limited game)

Add memcached support (store Resource's in mem cache)

Need mechanism to delete old auth sessions from the db.

The scenarios are:

1 delete session when it's been fetched
2 delete sessions older than 1-2 days.

2. needs to be implemented anyway, so let's have that first. django-celery works on heroku, so we may want to use that for this daily "cron" job.

If we receive refresh token along with access token from the server, we should relay this to the user. This means fetch_access_token should return json as well

Easy text form to give feedback needed

We should probably partition the database to "live" sessions and "expired" sessions.

When "consume" is called:

• first look at live sessions, use that if available
• then look at expired sessions, use that if available
• if neither is available, create new live session

Proposed table name: ExpiredSession

Need to check different responses in case of erroneous request and how to react.

At least oauth2 rest api needs to be sanitized

Our generic "you can close the browser now" page is too generic. We should allow specifying an user-hosted page where he can provide more detailed info (e.g. "close the browser and click "continue button on whizbangapp".

add memcached support.

Probably best thing to store would be AppCreds

callback url should not be configurable, it's "FYI" information. Do not put it in inputbox for cred view