UBER-EATS-Wrapper/docs/developer-portal/02-authentication-audit.md

02 Authentication Audit

Source checked: Uber Eats "Authentication" section shared by you.

Implemented Now

  • OAuth endpoints aligned to auth.uber.com in environment defaults.
  • Authorization URL default scope changed to eats.pos_provisioning (authorization_code flow use case).
  • Added cached client_credentials token retrieval to reduce token churn.
  • Added token request tracking and soft guard near rate limit (100/hour).
  • Added domain pairing status endpoint:
    • GET /api/v1/auth/uber/domain-pairing-status
  • Added auth capabilities endpoint listing grant types/scopes/rate metadata:
    • GET /api/v1/auth/uber/capabilities
  • Updated proxy auth model:
    • by default, regular API calls use the app-level client_credentials token
    • optional authMode=merchant for merchant OAuth token calls
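
A sketch of how the cached client_credentials retrieval and the soft guard near the 100/hour limit can work together. This is an added example, not the wrapper's own code: the class and function names, the soft threshold of 90 and the 60-second expiry skew are assumptions, and `fetch_token` is a hypothetical hook for the real token request.

```python
import time
from collections import deque

RATE_LIMIT_PER_HOUR = 100  # token-request limit stated in the audit
SOFT_GUARD = 90            # assumed threshold; the page gives no number
WINDOW_SECONDS = 3600
EXPIRY_SKEW = 60           # assumed: refresh this long before expiry

class TokenBudgetExceeded(RuntimeError):
    """A fresh token is needed but the soft guard has tripped."""

class ClientCredentialsCache:
    def __init__(self, fetch_token, clock=time.monotonic):
        # fetch_token() -> (access_token, expires_in_seconds); hypothetical hook
        self.fetch_token = fetch_token
        self.clock = clock
        self.token = None
        self.expires_at = 0.0
        self.requests = deque()  # timestamps of token requests in the window

    def requests_in_window(self):
        cutoff = self.clock() - WINDOW_SECONDS
        while self.requests and self.requests[0] <= cutoff:
            self.requests.popleft()
        return len(self.requests)

    def get_token(self):
        now = self.clock()
        if self.token and now < self.expires_at - EXPIRY_SKEW:
            return self.token  # cache hit: no request to the token endpoint
        if self.requests_in_window() >= SOFT_GUARD:
            if self.token and now < self.expires_at:
                return self.token  # still valid, so skip the early refresh
            raise TokenBudgetExceeded(
                f"{len(self.requests)}/{RATE_LIMIT_PER_HOUR} token requests this hour")
        self.requests.append(now)  # count the attempt even if the fetch fails
        token, expires_in = self.fetch_token()
        self.token, self.expires_at = token, now + expires_in
        return token

if __name__ == "__main__":
    # Constructed demo: a fake fetcher stands in for the token endpoint.
    issued = []
    def fake_fetch():
        issued.append(f"constructed-token-{len(issued) + 1}")
        return issued[-1], 3600
    cache = ClientCredentialsCache(fake_fetch)
    for _ in range(500):
        cache.get_token()
    print("calls: 500, token requests:", cache.requests_in_window())
```

The counter here lives in one process; a deployment with several workers would need shared state for the window to reflect the real request count.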

Existing From Earlier

  • Authorization code callback exchange
  • Merchant token refresh route
  • Manual merchant connection storage

Pending / Needs More Official Docs

  • Enforcement in code of the exact endpoint-by-endpoint scope mapping table
  • Full activation/provisioning flow routes (beyond auth callback)
  • Token revocation handling if Uber publishes endpoint/process details