Closed
Bug 858104
Opened 12 years ago
Closed 12 years ago
How should non-fireplace consumers login
Categories
(Marketplace Graveyard :: API, defect, P4)
Tracking
(Not tracked)
RESOLVED
FIXED
2013-04-11
People
(Reporter: andy+bugzilla, Unassigned)
References
Details
In bug 827948 we are proposing adding in the standard 3 legged oauth experience. However we now have the shared secret system: http://zamboni.readthedocs.org/en/latest/topics/api.html#shared-secret Should we recommend external consumers create their own auth system in the clients using the shared secret, or should consumers use the OAuth. Do we need both? If the shared secret one is "special" should we put that at a special URL and designate it as such?
Comment 1•12 years ago
|
||
What is the incentive to use OAuth-based authentication for a consumer? It's more code, it's more complex, and there's nothing stopping them from using the shared secret authentication. If a consumer is using Persona (as they should be), implementing OAuth adds another layer of complexity over shared secret auth (which matches the model for non-API Persona authentication).
Reporter | ||
Comment 2•12 years ago
|
||
Its less code if they already have OAuth consumer libraries for doing it. The chances are that they do. I doubt many consumers will be using Persona, but they might, dunno.
Reporter | ||
Updated•12 years ago
|
Priority: -- → P4
Comment 3•12 years ago
|
||
We're moving forward on standard oauth, but that's not mutually exclusive with the shared secret. We'll continue to do persona based logins as we do now. Large API consumers will expect oauth.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated•12 years ago
|
Target Milestone: --- → 2013-04-11
You need to log in
before you can comment on or make changes to this bug.
Description
•