On Thursday, April 23, 2015 at 12:43:25 AM UTC+2, James Mahy wrote:
> we store their tokens and then each subsequent request is done using their tokens.
This can be a solution, but it requires us to store the user's authorization token.
Currently I'm discarding every authorization info as soon as I've been able to confirm the user's identity and retrieve his id (if we're able to "refresh" his user name I won't save his e-mail address, either).
We're doing this because imgur's APIs do not provide granular access, once the user authorize an application that application has full control on the user's account, and I don't want such a responsibility if I can avoid it: databases can be compromised — yes, technically the tokens require the application's client secret to work, which we don't store in the database — but if something it's not there in the first place it can't be disclosed; moreover not having access to the user's account is a bonus for his privacy and peace of mind.
While I do understand that for an application like Social Savannah, due to its nature, interacting with the user's account is something that can happen frequently, in our application we only need to confirm the user's identity; once that is done we no longer need any interaction with the user's account — the user will probably never return to the web site once the application form is submitted, too.
Side note (not related to you suggestion): doing a refresh when sending out the notifications will at least double and at most triple the API calls, I don't know if this can somehow impact imgur's infrastructure (we send the notifications in bulk as soon as the matching — which happens automatically, thanks to @zrrz — is completed).
On Thursday, April 23, 2015 at 12:43:25 AM UTC+2, James Mahy wrote:
> Give me a shout if you need any help on
he...@socialsavanna.com, we started doing the match making on Social Savanna but found there wasn't much interest
> so still have a lot of code left over from it.
Thanks, I'll probably write you regarding a couple of issue we're facing at the moment, maybe you already solved them.