[Proposal] per-device api keys

Recently I made a little project with a spark core and relay shield to let me turn 4 strings of Christmas lights around my desk on and off remotely. I exposed functions to toggle the relays and gave my coworkers the commands to use – it was a big hit!

Unfortunately, an access token is the key to the kingdom; it’s associated with your account rather than a specific device and lets the bearer do everything (I think) except manage your access tokens. This includes flashing your devices or even removing a device from your account. I trust my coworkers, but I really wanted to be able to share this more widely.

The answer, of course, was to build a web application to hide the access token from end users (check it out) but it got me thinking about other ways to do this. In the interest of security I feel there should definitely be a way to authenticate access to the exposed functions and variables of a specific core without allowing any other account-level access. @nexxy suggested I bring it up for discussion here.

I have been hacking on the spark-cli for a couple of days now to familiarize myself with node.js, access tokens, and how the Spark API works, but I have yet to move on to tweaking the spark-server. I don’t have a fully-formed idea of how this idea would be implemented yet and would appreciate input from the community, but I think it might work something like this:

An “api key” (or whatever we end up calling it) will live under your account and be linked to one or more “grants”. Api keys can either be set to last forever (until revoked) or to expire after a certain time.

ApiKeys:
{
    "api_key": "deadbeef",
    "expires_at": "never",
    "client": "public light switch"
}

ApiKeyGrants:
{
    "api_key": "deadbeef",
    "device_id": "christmas_light_blinker",
    "grant": "variables"
}
{
    "api_key": "deadbeef",
    "device_id": "christmas_light_blinker",
    "grant": "function/on"
}
{
    "api_key": "deadbeef",
    "device_id": "christmas_light_blinker",
    "grant": "function/off"
}

Thoughts? Comments? Suggestions? I’ll keep this thread updated as I talk with people and start learning about spark-server.

~Kyle

5 Likes
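A sketch of how the ApiKeys / ApiKeyGrants records proposed above could drive a deny-by-default check, added here as an example; it is not code from the post, spark-cli or spark-server. The `authorize` function, the `variable/<name>` and `function/<name>` action strings, the ISO timestamp form of `expires_at` and the second (expired) key are assumptions made for illustration.

```javascript
// Constructed sample data; "deadbeef" is the placeholder key from the post,
// "cafef00d" is a hypothetical key that has already expired.
const apiKeys = [
  { api_key: "deadbeef", expires_at: "never", client: "public light switch" },
  { api_key: "cafef00d", expires_at: "2014-01-01T00:00:00Z", client: "expired demo" },
];
const apiKeyGrants = [
  { api_key: "deadbeef", device_id: "christmas_light_blinker", grant: "variables" },
  { api_key: "deadbeef", device_id: "christmas_light_blinker", grant: "function/on" },
  { api_key: "deadbeef", device_id: "christmas_light_blinker", grant: "function/off" },
  { api_key: "cafef00d", device_id: "christmas_light_blinker", grant: "function/on" },
];

// Assumption: each request is reduced to "variable/<name>" or "function/<name>".
// Account-level operations (flash, remove device, manage tokens) have no grant
// form at all, so an api key can never be authorized for them.
function grantNeededFor(action) {
  const m = /^(variable|function)\/([A-Za-z0-9_]+)$/.exec(action);
  if (!m) return null;
  return m[1] === "variable" ? "variables" : `function/${m[2]}`;
}

function isExpired(key, now) {
  if (key.expires_at === "never") return false;
  const t = Date.parse(key.expires_at);
  return Number.isNaN(t) || t <= now.getTime(); // unparseable expiry fails closed
}

// Returns { allowed, reason }; only an exact key + device + grant match allows.
function authorize(apiKey, deviceId, action, now = new Date()) {
  const key = apiKeys.find((k) => k.api_key === apiKey);
  if (!key) return { allowed: false, reason: "unknown key" };
  if (isExpired(key, now)) return { allowed: false, reason: "expired" };
  const needed = grantNeededFor(action);
  if (!needed) return { allowed: false, reason: "not grantable" };
  const ok = apiKeyGrants.some(
    (g) => g.api_key === apiKey && g.device_id === deviceId && g.grant === needed
  );
  return ok ? { allowed: true, reason: needed } : { allowed: false, reason: "no grant" };
}
```

A real deployment would also generate keys randomly and store only a hash of them; the lookup by plaintext key here is kept to match the records in the post.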

Obviously I think it’s a great idea, and I like where you’re headed with the concept of a sort of ACL (rather than simply a “public mode”); there’s tons of potential there!

I could have definitely used something like this for a demo recently.

I’ve been tangentially related to some development on an S3 compatible object store…I’ll have to look back into how they do grants and pick my coworkers’ brains about their thoughts on this, too.