Closed Bug 858104 Opened 12 years ago Closed 12 years ago

How should non-fireplace consumers login

Categories

(Marketplace Graveyard :: API, defect, P4)

x86
macOS
defect

Tracking

(Not tracked)

RESOLVED FIXED
2013-04-11

People

(Reporter: andy+bugzilla, Unassigned)

References

Details

In bug 827948 we are proposing adding in the standard 3 legged oauth experience. However we now have the shared secret system:

http://zamboni.readthedocs.org/en/latest/topics/api.html#shared-secret

Should we recommend external consumers create their own auth system in the clients using the shared secret, or should consumers use the OAuth. Do we need both? If the shared secret one is "special" should we put that at a special URL and designate it as such?
What is the incentive to use OAuth-based authentication for a consumer? It's more code, it's more complex, and there's nothing stopping them from using the shared secret authentication. If a consumer is using Persona (as they should be), implementing OAuth adds another layer of complexity over shared secret auth (which matches the model for non-API Persona authentication).
Its less code if they already have OAuth consumer libraries for doing it. The chances are that they do. I doubt many consumers will be using Persona, but they might, dunno.
Priority: -- → P4
Blocks: 827948
We're moving forward on standard oauth, but that's not mutually exclusive with the shared secret.  We'll continue to do persona based logins as we do now.  Large API consumers will expect oauth.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2013-04-11
You need to log in before you can comment on or make changes to this bug.