It seems that if there are many keys, clients get "Invalid Key API" error for all the keys except the first created one.
To reproduce this error,
Fresh install latest Drupal+Service.6.x-2.x
Create 2 keys with the same configuration.
test node.get() with the first key => works
test node.get() with the second key => Invalid Key API
Comments
Comment #1
marcingy commented
Is this using the browser?
Comment #2
skyredwang
"test" means testing in a remote client.
Comment #3
marcingy commented
What are the parameters you are passing into each call? Because that error is only thrown when the hash is invalid.
Comment #4
marcingy commented
I see one case when this could happen: does same configuration equal the same domain?
Comment #5
skyredwang
RE:#3
In the simple testing case above,
hash, api_key_1, domain_name, domain_time_stamp, nonce, sessid, node.get(), nid are passed ===> then it works.
hash, api_key_2, domain_name, domain_time_stamp, nonce, sessid, node.get(), nid are passed ===> Invalid Key API
RE:#4
Yes. If the two keys have the same domain, then the error occurs. If different domains, then no error.
Comment #6
marcingy commented
The issue is that we should validate to see if the domain already exists in the table on the key creation screen. If it does we need to throw an error. The intent is that only one key is supported per domain.
Comment #7
skyredwang
#6
I have one use case: Android and iPhone applications for the same domain. Using two keys allows different permission configurations and can turn off one application at a time. This could be done with two domains, but I feel one domain is better.
What do you think?
Comment #8
marcingy commented
A single key per domain is how the solution is designed; this won't be changed. In a sense, domain is the wrong name for the field; in reality it is a unique identifier to allow the key to be retrieved.
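A minimal model of the behaviour described in comments #5 to #8, added here as an illustration; it is not part of the thread and is not Services/keyauth code. The key store, the function names, the sample values and the HMAC-SHA256 message layout are assumptions; the point is that a lookup keyed on "domain" returns one key, so a request signed with a second key for the same domain fails hash verification.

```php
<?php
// Added illustration, not Services/keyauth code. The key store, function names
// and the HMAC-SHA256 message layout are assumptions made for this sketch.

// Constructed sample data: two keys registered with the same "domain".
$keys = [
    ['kid' => 'api_key_1', 'domain' => 'example.com'],
    ['kid' => 'api_key_2', 'domain' => 'example.com'],
];

// Models a lookup that treats "domain" as the unique identifier:
// the first matching row wins, so api_key_2 is never returned.
function key_for_domain(array $keys, string $domain): ?string {
    foreach ($keys as $row) {
        if ($row['domain'] === $domain) {
            return $row['kid'];
        }
    }
    return null;
}

// Client and server compute the same keyed hash over the request fields.
function sign(string $key, string $domain, int $ts, string $nonce, string $method): string {
    return hash_hmac('sha256', "$ts;$domain;$nonce;$method", $key);
}

// Server side: recompute the hash with the key found for the domain.
function verify(array $keys, string $hash, string $domain, int $ts, string $nonce, string $method): bool {
    $key = key_for_domain($keys, $domain);
    return $key !== null && hash_equals(sign($key, $domain, $ts, $nonce, $method), $hash);
}

// Creation-time check proposed in comment #6: reject a duplicate domain.
function can_create_key(array $keys, string $domain): bool {
    return key_for_domain($keys, $domain) === null;
}

$ts = 1262304000; $nonce = 'constructed-nonce'; $method = 'node.get';
foreach (['api_key_1', 'api_key_2'] as $client_key) {
    $hash = sign($client_key, 'example.com', $ts, $nonce, $method);
    $ok = verify($keys, $hash, 'example.com', $ts, $nonce, $method);
    echo $client_key, ': ', $ok ? 'accepted' : 'rejected (hash mismatch)', "\n";
}
echo 'second key for example.com allowed: ',
    can_create_key($keys, 'example.com') ? 'yes' : 'no', "\n";
```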
Comment #9
gdd
I'm marking this won't fix since it seems to be resolved.
Comment #10
threexk commented
It is important that it be possible to use multiple keys for a single domain. You might want to restrict access differently to clients on the same domain. You might want to:
1. Only allow client A to access method X, but disallow client B on the same domain from accessing method X.
2. Have different clients on the same domain use different keys so you can tell which client is accessing.
3. This functionality isn't in keyauth yet, but you might want to have different IP restrictions based on the client.
My understanding is the "domain" is arbitrary and has no real correspondence to DNS domain names, so I suppose you could make a unique domain name for each client? In this case, the name "domain" seems misleading...
Comment #11
threexk commented
#8 answers my previous question.
Maybe "domain" could be changed to "application ID" or "client ID" or something? I would say "key ID", but that is already taken.
Comment #12
sinasalek commented
@threexk I also think that's a good idea.
When I started at first, it took me a few minutes to understand that. I was wondering, if it's really a domain, how can it be used for client-side applications!!