🚀 Feature: Protect endpoints with password #2752
Comments
|
This implementation would make the API behavior a bit more complex, so this is not something we would want to prioritize at the moment. That said, in console 2.0 we've added many dialogs to prevent destructive action being made by mistake. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
🔖 Feature description
Password is currently only being used when creating a session. We should also use password to protect account-critical update endpoints, for instance, deleting the account.
Before implementing the feature, we should discuss which endpoints exactly should be protected. We can keep 2FA in mind, and be aware that all password-protected endpoints will most likely be also protected by 2FA code in future.
🎤 Pitch
I was writing RFC for 2FA and I noticed we currently don't protect client-SDK endpoints with password properly. We have the functionality in Appwrite Console, but we never added this option to SDKs.
👀 Have you spent some time to check if this issue has been raised before?
🏢 Have you read the Code of Conduct?
The text was updated successfully, but these errors were encountered: