View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0010108 | Taler | merchant backoffice SPA | public | 2025-06-16 10:45 | 2025-07-09 17:01 |
Reporter | Christian Grothoff | Assigned To | sebasjm | ||
Priority | high | Severity | block | Reproducibility | always |
Status | confirmed | Resolution | open | ||
Platform | i7 | OS | Debian GNU/Linux | OS Version | squeeze |
Product Version | git (master) | ||||
Target Version | 1.1 | ||||
Summary | 0010108: customer unable to extract authorization token for WooCommerce integration | ||||
Description | The SPA currently does not offer a nice way to show/extract/expose/create authorization tokens needed to hook up PoS apps or E-commerce integrations like WooCommerce. We need to have an "Access" menu in the main navigation where the user can - view access tokens they have issued - revoke access tokens - create new access tokens by specifying a name (for the above), scope and expiration (incl. never). | ||||
Tags | No tags attached. | ||||
related to | 0009644 | confirmed | bank ui should support listing and revoking tokens | |
related to | 0010118 | resolved | schanzen | merchant backend should have API to list and revoke access tokens |
parent of | 0010159 | resolved | sebasjm | merchant backend should return list of tokens |
parent of | 0010171 | resolved | schanzen | doesnt return new tokens after creating one |
parent of | 0010173 | resolved | schanzen | cant add description in the token info |
|
I can start working on the SPA but we need one more endpoint in merchant backend for listing tokens. We should use the bank impl as reference https://docs.taler.net/core/api-corebank.html#authentication |
|
Yes, I know. We'll try to provide such an endpoint ASAP. Martin: if you have time to spec and/or implement it great, otherwise I'll eventually get to it ;-). |
|
I added the listing endpoint according to the bank API but that API does not return the token itself. So now the API I created in 0010118 also does not return the token. My guess: We need another endpoint to get the token value by token serial, or return it in the token list itself. (We will accordingly then deviate from the Bank API again, which will either have to follow suit, or be different) |
|
For clarification, the token VALUE must not be returned by the endpoint at any time... I consider this a security issue. Usually when a token is created the user should save the string value or lose access to it forever, because the backend will not expose it again. The "LIST tokens" feature is to be able to check how many active tokens there are and delete unused/old ones (that's what creation time, last use time and description are good for... maybe also scope is interesting to revoke the most dangerous ones). In the use case of WooCommerce, if the user needs one token to do the integration with the backend then the SPA should have the functionality to create a new token and add a description. That should be enough. |
|
I'm OK with the token only being returned the first time upon creation. I still think the SERVER should create the token, as that way we can more safely ensure it is a high-entropy token. |
|
After f61a65488..b9539673a the merchant can go into the new "active session" section in the side bar, which will show the current access tokens with description, scope and expiration. This listing will allow the user to remove access to previously shared tokens. Here the merchant can also create a new access token; the token will be shown once, with a suggestion to copy and save the token. |
|
I will keep this open until we have fixed the two issues on the merchant backend and I can test both things working together.
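
The token lifecycle agreed on in the notes above (server-generated high-entropy value, returned only at creation, listing limited to metadata, revocation by serial), as an added sketch that is not taken from the Taler code base. The class, method and field names and the scope strings are assumptions made for illustration, and storing a SHA-256 digest instead of the value is a design choice of this sketch, not something the thread specifies.

```python
import hashlib
import secrets
import time


def _digest(value: str) -> str:
    # A fast hash is adequate here because the input is a 256-bit random value.
    return hashlib.sha256(value.encode()).hexdigest()


class TokenStore:
    """In-memory sketch of server-side token issuance (hypothetical names)."""

    def __init__(self):
        self._rows = {}   # serial -> metadata; holds a digest, never the value
        self._serial = 0

    def create(self, description, scope, expires_at=None, now=None):
        """Return (serial, value). This is the only time the value is exposed."""
        value = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
        self._serial += 1
        self._rows[self._serial] = {
            "digest": _digest(value), "description": description,
            "scope": scope, "created": now if now is not None else time.time(),
            "last_used": None, "expires_at": expires_at,  # None means never
        }
        return self._serial, value

    def list_tokens(self):
        """Metadata for review and revocation; the digest is withheld too."""
        return [{"serial": s, **{k: v for k, v in r.items() if k != "digest"}}
                for s, r in sorted(self._rows.items())]

    def revoke(self, serial):
        """Delete the row; True if a token with that serial existed."""
        return self._rows.pop(serial, None) is not None

    def authenticate(self, value, now=None):
        """Return the token's scope, or None if unknown, revoked or expired."""
        now = now if now is not None else time.time()
        want = _digest(value)
        for row in self._rows.values():
            if secrets.compare_digest(row["digest"], want):
                if row["expires_at"] is not None and now >= row["expires_at"]:
                    return None
                row["last_used"] = now
                return row["scope"]
        return None
```

Because only the digest is kept, a leaked token table does not yield usable tokens, and a user who loses the value has to create a new token and revoke the old one.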
Date Modified | Username | Field | Change |
---|---|---|---|
2025-06-16 10:45 | Christian Grothoff | New Issue | |
2025-06-16 10:45 | Christian Grothoff | Status | new => assigned |
2025-06-16 10:45 | Christian Grothoff | Assigned To | => sebasjm |
2025-06-16 13:29 | sebasjm | Note Added: 0025254 | |
2025-06-16 13:32 | Christian Grothoff | Note Added: 0025255 | |
2025-06-24 22:27 | schanzen | Relationship added | related to 0009644 |
2025-06-24 22:28 | schanzen | Relationship added | related to 0010118 |
2025-06-24 22:31 | schanzen | Note Added: 0025352 | |
2025-06-25 01:13 | sebasjm | Note Added: 0025358 | |
2025-06-25 01:15 | sebasjm | Assigned To | sebasjm => Christian Grothoff |
2025-06-25 01:15 | sebasjm | Status | assigned => feedback |
2025-06-25 14:31 | sebasjm | Note Edited: 0025358 | |
2025-06-29 10:18 | Christian Grothoff | Note Added: 0025376 | |
2025-06-29 10:19 | Christian Grothoff | Assigned To | Christian Grothoff => sebasjm |
2025-06-29 10:19 | Christian Grothoff | Status | feedback => assigned |
2025-07-08 17:25 | sebasjm | Relationship added | parent of 0010159 |
2025-07-09 16:42 | sebasjm | Note Added: 0025464 | |
2025-07-09 16:56 | sebasjm | Relationship added | parent of 0010171 |
2025-07-09 16:59 | sebasjm | Relationship added | parent of 0010173 |
2025-07-09 17:00 | sebasjm | Status | assigned => confirmed |
2025-07-09 17:01 | sebasjm | Note Added: 0025465 |