The current authentication code is a mess. It contains some remnants from previous suboptimal solutions and generally lacks any clear semantics. Some specific problems I see there are:
Catching all Exceptions (both in authentication_header_handler and in bearer_token_handler) instead of just the really expected one – this can lead to silent failures instead of correctly crashing.
The Identity class serves two purposes – storing the account number (or None), which is needed in the operations, and storing the bearer token, which is not. We can either only store an account number in it, or get rid of the class completely and use the sole account number as an identity.
The _asdict and eq methods of the Identity class are unnecessary and can be removed.
The validate method validates either account number presence or bearer token validity. This can be moved to the validation handlers in app.auth.
An environment variable with the shared secret is loaded there, but should be in the app.config module instead. This is already acknowledged.
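An added example, not code from this project, of the first point in the issue: a catch-all handler turns a programming error into an ordinary "not authenticated" result, while a handler that catches only the expected decoding errors lets the bug surface. The base64 JSON header format, the function names and the secret value are assumptions made for the illustration.

```python
import base64
import binascii
import hmac
import json

# Assumption: a constructed value; the issue says it belongs in app.config.
SHARED_SECRET = "constructed-secret-for-example"


def decode_account_number(header_value):
    """Decode a base64 JSON identity header (the format is an assumption)."""
    payload = json.loads(base64.b64decode(header_value, validate=True))
    if not isinstance(payload, dict):
        raise ValueError("identity payload must be a JSON object")
    return payload["account_number"]


def broad_header_handler(header_value, decode=decode_account_number):
    """Catch-all variant: every failure looks like a bad header."""
    try:
        return decode(header_value)
    except Exception:  # also swallows bugs such as AttributeError
        return None


def narrow_header_handler(header_value, decode=decode_account_number):
    """Only malformed input means 'not authenticated'; bugs still crash."""
    try:
        return decode(header_value)
    except (binascii.Error, ValueError, KeyError):
        return None


def bearer_token_handler(token):
    """Check the token in the handler, so the identity need not store it."""
    return hmac.compare_digest(token.encode(), SHARED_SECRET.encode())


def buggy_decode(header_value):
    """Constructed programming error standing in for a refactoring bug."""
    return header_value.decode_identity()  # str has no such method
```

With the narrow handler the identity can be the bare account number, and the token check stays in the handler that receives it.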