# 02 Authentication Audit
Source checked: Uber Eats "Authentication" section shared by you.
## Implemented Now
- OAuth endpoints aligned to `auth.uber.com` in environment defaults.
- Authorization URL default scope changed to `eats.pos_provisioning` (authorization_code flow use case).
- Added cached `client_credentials` token retrieval to reduce token churn.
- Added token request tracking and soft guard near rate limit (`100/hour`).
- Added domain pairing status endpoint:
  - `GET /api/v1/auth/uber/domain-pairing-status`
- Added auth capabilities endpoint listing grant types/scopes/rate metadata:
  - `GET /api/v1/auth/uber/capabilities`
- Updated proxy auth model:
  - default regular API calls use app-level `client_credentials` token
  - optional `authMode=merchant` for merchant OAuth token calls
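
The cached `client_credentials` retrieval and the soft guard near `100/hour` listed above, as an added example that is not this project's own code. The `fetch_token` callable, the class names, the 10-request margin and the 60-second expiry skew are assumptions; only the hourly limit comes from this audit.

```python
import threading
import time
from collections import deque


class TokenRateGuardError(RuntimeError):
    """Refusing to request a token: the hourly budget is nearly spent."""


class CachedClientCredentials:
    def __init__(self, fetch_token, scope, limit_per_hour=100, soft_margin=10,
                 expiry_skew=60, clock=time.time):
        self._fetch = fetch_token        # hypothetical callable: scope -> token response dict
        self._scope = scope
        self._soft_limit = limit_per_hour - soft_margin  # assumed margin below the hard limit
        self._skew = expiry_skew         # refresh this many seconds before expiry
        self._clock = clock
        self._lock = threading.Lock()    # one refresh at a time, no request stampede
        self._requests = deque()         # timestamps of token requests sent
        self._token = None
        self._expires_at = 0.0

    def _count_locked(self, now):
        # Drop timestamps older than one hour, then count what is left.
        while self._requests and self._requests[0] <= now - 3600:
            self._requests.popleft()
        return len(self._requests)

    def requests_last_hour(self):
        with self._lock:
            return self._count_locked(self._clock())

    def get_token(self):
        with self._lock:
            now = self._clock()
            if self._token and now < self._expires_at - self._skew:
                return self._token       # cache hit: no token request made
            if self._count_locked(now) >= self._soft_limit:
                if self._token and now < self._expires_at:
                    return self._token   # inside the skew window but still valid
                raise TokenRateGuardError("token request budget nearly exhausted")
            self._requests.append(now)   # count before sending, so failures count too
            resp = self._fetch(self._scope)
            self._token = resp["access_token"]
            self._expires_at = now + int(resp["expires_in"])
            return self._token
```

The token value is never logged or included in the exception message, and the guard fails closed once the cached token has actually expired.
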
## Existing From Earlier
- Authorization code callback exchange
- Merchant token refresh route
- Manual merchant connection storage
## Pending / Needs More Official Docs
- Exact endpoint-by-endpoint scope mapping table enforcement in code
- Full activation/provisioning flow routes (beyond auth callback)
- Token revocation handling if Uber publishes endpoint/process details