summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBryan Newbold <bnewbold@robocracy.org>2018-06-30 16:15:29 -0700
committerBryan Newbold <bnewbold@robocracy.org>2018-06-30 16:15:29 -0700
commit47adef5e75e06407b6692a64d7d67de620156c70 (patch)
tree5a48b34411571af154c320c97da4bcffce84187b
parentfd79a4d89ff1da25160bd7ab7ae1758ca59bd3f0 (diff)
downloadfatcat-47adef5e75e06407b6692a64d7d67de620156c70.tar.gz
fatcat-47adef5e75e06407b6692a64d7d67de620156c70.zip
notes from auth research
-rw-r--r--notes/auth_thoughts.txt12
1 files changed, 12 insertions, 0 deletions
diff --git a/notes/auth_thoughts.txt b/notes/auth_thoughts.txt
new file mode 100644
index 00000000..3ccaf668
--- /dev/null
+++ b/notes/auth_thoughts.txt
@@ -0,0 +1,12 @@
+
+For users: use openid connect (oauth2) to sign up and login to web app. From
+web app, can create (and disable?) API tokens
+
+For impl: fatcat-web has private key to create tokens. tokens used both in
+cookies and as API keys. tokens are macaroons (?). fatcatd only verifies
+tokens. optionally, some redis or other fast shared store to verify that tokens
+haven't been revoked.
+
+Could use portier with openid connect as an email-based option. Otherwise,
+orcid, github, google.
+