APISexAuthBearer: implementation of the Bearer HTTP authentication scheme (RFC6750) and the OAuth 2.0 Token Introspection (RFC7662) token verification method
APISexFilterThrottler: throttler that can throttle on IP address, client, subject, URI, etc.
When dealing with API access control I think you have 2 cases:
1. You consume your APIs from the web page JavaScript. In this case using cookies for API access control does the job.
2. Your APIs are consumed by websites on other domains (cookies aren’t shared between different domains), third-parties (OpenAPI or information exchange with partners (machine-to-machine)) or mobile applications. Here you cannot use cookies (except using ugly and dangerous hacks) and APISex plugs may help you use a protocol designed for that.
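Added example, not part of the original post and not APISex's own code: a sketch of the two checks a Bearer (RFC 6750) plug backed by token introspection (RFC 7662) has to make in the second case above. The module name, function names and sample values are hypothetical, and the introspection response is assumed to be already fetched and JSON-decoded into a map.

```elixir
defmodule BearerCheckExample do
  @doc "Extracts the token from an Authorization header value (RFC 6750, section 2.1)."
  def extract_token(header) when is_binary(header) do
    # credentials = "Bearer" 1*SP b64token; scheme matched case-insensitively.
    # Anchored so trailing data or a second token is rejected, not ignored.
    pattern = ~r{\ABearer +([A-Za-z0-9\-._~+/]+=*)\z}i

    case Regex.run(pattern, header) do
      [_, token] -> {:ok, token}
      _ -> {:error, :invalid_request}
    end
  end

  # Missing header (nil) or a non-string value
  def extract_token(_), do: {:error, :invalid_request}

  @doc """
  Decides on a decoded RFC 7662 introspection response.
  Errors use the RFC 6750 section 3.1 error codes.
  """
  def authorize(resp, required_scope, now \\ System.system_time(:second)) do
    # "scope" is a space-separated string and is optional in the response
    granted = resp |> Map.get("scope", "") |> String.split(" ", trim: true)

    cond do
      # Only the literal boolean true counts; "true", 1 or a missing key do not
      resp["active"] != true -> {:error, :invalid_token}
      # Re-check expiry locally in case the response was cached
      is_integer(resp["exp"]) and resp["exp"] <= now -> {:error, :invalid_token}
      required_scope not in granted -> {:error, :insufficient_scope}
      true -> {:ok, %{client: resp["client_id"], subject: resp["sub"]}}
    end
  end
end

# Constructed sample values, for illustration only
resp = %{"active" => true, "scope" => "read write", "client_id" => "client1",
         "sub" => "alice", "exp" => 2_000_000_000}

IO.inspect(BearerCheckExample.extract_token("Bearer mF_9.B5f-4.1JqM"))
IO.inspect(BearerCheckExample.extract_token("Basic dXNlcjpwYXNz"))
IO.inspect(BearerCheckExample.authorize(resp, "read", 1_700_000_000))
IO.inspect(BearerCheckExample.authorize(resp, "admin", 1_700_000_000))
IO.inspect(BearerCheckExample.authorize(%{"active" => "true"}, "read"))
```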
Alright I’m going to say it: your library is a great idea but not so sure about the name. Whenever I look at it I think “API Sex” and it quite possibly reminds me of a scene from the movie “A.I.”
I agree about the name. Whenever releasing something that might be used by others, or those in a professional environment, it’s best to stick to clean/neutral language
When choosing a name for your library, please consider search engines. There is a package I quite like called “assertions”. Try to google “elixir assertions”, no chance you will find it on the first 3 Google pages. “API sex”, I don’t want to have in my search history to be honest. Avoid words like “sex” “boob” “cock” “dick” or anything along that line if you want your library to be used.
Edit: to clarify, I don’t have a problem with porn, sex, homosexual intercourse, dickpicks or anything someone might bring up. I just do not want to use the keyword “sex” in the search engine I use for work. Because that will lead to other things showing up when I search for api. Or sex. Don’t judge me.
If I, as an employer, chose this library and some intern or woke person would see this, I’d be having to focus on something else than getting work done. Also I’d second this Ningi’s comment as people do get fired for this. Also, some programmers have wives that are not technical.
And just to point out, you haven’t gotten a single serious reply on what you were asking for. The code, the library itself.
The consensus seems to be: please change the name. Make it APIXex, that would be my preference. Can be read X as in cross and ex same as elixir extension. And, it can be read as sex still.
But seriously, there are far too many people getting offended at the possibility of someone else finding the name offensive. There’s another thread about why people are leaving Elixir and the community of SJWs and virtue signallers is high up on my list.
Will change to something more neutral like APISec as suggested!
Also this is part of a bigger project I’m working on and as far as I’ve seen few people use external OAuth2 servers, so I published that just in case it’d be useful to someone out there but there already are plugs for 99% of common use-cases (cookie-based, JWT based, etc.). So lesson learned: not being too playful with lib names.
Also, I remember talking to architects about API Gateways and they actually quite often ended up having an instance of the API Gateway installed on each API instance, especially in micro-service / docker deployment contexts. And these API gateway instances mainly did security stuff (also cache and SLA management). So I’m wondering if on Erlang/Elixir stack API Gateways are needed at all.