Keen's scoped keys are impossible to use #2
Comments
|
Also should mention exposing read keys in a public integration is a really bad idea :\ |
ndhoule
changed the title
|
@dustinlarimer Can you clarify? Not sure if you're pointing to the integration itself or to @d4rky-pl's use case. |
|
@ndhoule sorry, that was vague. But first, let me make sure I'm not misunderstanding how this is set up. Providing a read key in the admin panel means it gets beamed down to every initialization of the client, along with all of the other configs.. is that correct? |
|
@dustinlarimer: Ah, looks like @d4rky-pl's choice of words—we have users provide a write key in the Segment panel. That write key does get beamed down to all clients, yes, just like if you were to set up the Keen script directly. As an advanced option, you can optionally specify a read key, but that's not required. Relevant docs and LOCs: https://segment.com/docs/integrations/keen-io/#settings |
|
Ok, cool - thanks for clarifying! Would you mind emailing me 1:1 quick?
|
|
dustin@keen.io
|
|
Just to make sure we're on the same page here - Segment provides it's own version of keen.js and we cannot provide initialization options to it other than the ones in admin panel. If I recall correctly (note that this issue was reported a while ago) it was either impossible or non trivial to swap the readKey dynamically. That readKey should be provided only when needed and only for authorized user anyway so it's not a good idea to have it there. It also makes it impossible to use https://keen.io/docs/security/#scoped-key Our use case is giving multiple users access to personal statistics for the content they provided. The scoped key is then used to make sure they only can access data with their user_id attached. This was also the reason I reported #1, because we're using keen's excellent library for visualisations. |
|
@d4rky-pl yep, I hear ya – what do you think about hiding the Segment-initialized client and version of keen-js entirely, so you can load our full library on your own and use it however you like? |
|
@dustinlarimer That's OK for me but mobile and performance-oriented folks might not like having the user download the same library twice |
|
@d4rky-pl I agree completely – we're working on splitting the lib out into lightweight modules for that exact reason. Ideally, segment's integration would load an even smaller tracking-only version, and then you could pull in the query+dataviz distro whenever it makes sense. |
From @d4rky-pl on April 14, 2015 12:21
When we add Keen.io integration to Segment it forces us to provide read key in admin panel rather than anywhere in the code. This makes it impossible to use Keen's scoped keys as they are generated and can be unique for example per app user.
Copied from original issue: segmentio/analytics.js-integrations#591
The text was updated successfully, but these errors were encountered: