Currently, some of the owner-specific API calls require the User and Password to be transmitted for authentication purposes. This causes HAT-applications to have to store User/Password data in their session. This is inherently unsafe and cumbersome.
I propose a Session Control function set to be built into HAT Core.
This function set would include:
- A login function, returning a session token
- A logout function
- SessionAuthenticationHandler, which uses the sessionToken (in place of the current User/Password authenticationHandler).
- The sessionToken should auto-expire.
A SessionControl in HATcore makes the end-user applications that Noggin is building much more user friendly.
The question is:
a. Does HATDex want to code this?
b. or have Noggin code this?
Happy New Year!
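
An added example, not part of the original post and not HAT Core code: one way the proposed function set could fit together, with login issuing a random token, a handler that authenticates by token alone, logout, and auto-expiry. The names `SessionControl`, `login`, `authenticate`, `logout` and `make_demo_verifier`, the 15-minute lifetime and the sample credentials are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

class SessionControl:
    """Hypothetical session layer: apps keep a token, never User/Password."""

    def __init__(self, verify_credentials, ttl_seconds=900, clock=time.monotonic):
        self._verify = verify_credentials   # callable(user, password) -> bool
        self._ttl = ttl_seconds             # assumed lifetime, not from the post
        self._clock = clock
        self._sessions = {}                 # sha256(token) -> (user, expires_at)

    @staticmethod
    def _digest(token):
        # Only a hash of the token is stored, so a leaked session table
        # does not hand out usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user, password):
        if not self._verify(user, password):
            return None
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._sessions[self._digest(token)] = (user, self._clock() + self._ttl)
        return token

    def authenticate(self, token):
        """Session authentication handler: returns the user or None."""
        key = self._digest(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None
        user, expires_at = entry
        if self._clock() >= expires_at:     # auto-expire and forget the session
            del self._sessions[key]
            return None
        return user

    def logout(self, token):
        return self._sessions.pop(self._digest(token), None) is not None

def make_demo_verifier():
    # Constructed sample credential store (one user), for the example only.
    salt = b"constructed-salt"
    kdf = lambda pw: hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)
    stored = {"owner": kdf("correct horse")}
    def verify(user, password):
        expected = stored.get(user, b"\x00" * 32)
        return hmac.compare_digest(expected, kdf(password)) and user in stored
    return verify
```
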