Avatar

Access-Token for RSS feeds (Features)

by Auge ⌂ @, Tuesday, March 13, 2018, 10:32 (222 days ago)

Hello

I pored over an idea to access personalised RSS-feeds since ages. I implemented this in a very simple way for MLF1 for a RSS-reader as a browser plugin. The reader plugin spotted a login in the browser because of the existing cookies. With providing URL-parameters for the categories, I was able to access also internal categories (access only for registered users or admins and mods). But there was no solution for stand alone readers and no real authorisation check.

Now I stumbled over access tokens for RSS-feeds in Gitlab (we run an instance at work). With the token the software selects the content, a user is allowed to see. What brings my old idea up again.

With such a personal token for every registered user the program could select the content of the feed respecting the category selection of the matching user or, in case of admins and mods, inform about new users, the amount of new entries or, if implemented, about abuse notices.

This would be also a possible way to reduce the amount of e-mails. Especially members of a forum-team should be interested to minimise the personal e-mail-traffic and should also be able to use a RSS-reader.

We would need an additional field in the user data table and in the user edit form, a function to generate a new token and last but not least a logic in rss.inc.php to validate the submitted token and to select the relevant data.

Any thoughts?

Tschö, Auge

--
Trenne niemals Müll, denn er hat nur eine Silbe!

Tags:
feature request, 2.5, feature, discussion

Avatar

Access-Token for RSS feeds

by Auge ⌂ @, Tuesday, March 13, 2018, 11:17 (222 days ago) @ Auge

Hello

Meanwhile I found a few ressources. The task seems to be a big bit more than just the decribed idea.

Especially the token should should be a not transmitted secret. Instead the transmission should contain a string, generated with the token and details from tha actual request and should only be transmitted when using only HTTPS. That way a RSS reader could not generate such a request.

Bad news. :-(

Tschö, Auge

--
Trenne niemals Müll, denn er hat nur eine Silbe!

Tags:
feature request, 2.5, feature, discussion

RSS Feed of thread
powered by my little forum