author | Bryan Newbold <bnewbold@robocracy.org> | 2018-06-30 16:15:29 -0700 |
---|---|---|
committer | Bryan Newbold <bnewbold@robocracy.org> | 2018-06-30 16:15:29 -0700 |
commit | 47adef5e75e06407b6692a64d7d67de620156c70 (patch) | |
tree | 5a48b34411571af154c320c97da4bcffce84187b | |
parent | fd79a4d89ff1da25160bd7ab7ae1758ca59bd3f0 (diff) | |
download | fatcat-47adef5e75e06407b6692a64d7d67de620156c70.tar.gz fatcat-47adef5e75e06407b6692a64d7d67de620156c70.zip |
notes from auth research
-rw-r--r-- | notes/auth_thoughts.txt | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/notes/auth_thoughts.txt b/notes/auth_thoughts.txt new file mode 100644 index 00000000..3ccaf668 --- /dev/null +++ b/notes/auth_thoughts.txt @@ -0,0 +1,12 @@ + +For users: use openid connect (oauth2) to sign up and login to web app. From +web app, can create (and disable?) API tokens + +For impl: fatcat-web has private key to create tokens. tokens used both in +cookies and as API keys. tokens are macaroons (?). fatcatd only verifies +tokens. optionally, some redis or other fast shared store to verify that tokens +haven't been revoked. + +Could use portier with openid connect as an email-based option. Otherwise, +orcid, github, google. + |
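Review bot: In the "For impl" paragraph, "fatcat-web has private key to create tokens" together with "fatcatd only verifies tokens" describes an asymmetric split, but macaroons are built from chained HMACs over a shared root secret, so any service able to verify a macaroon also holds the key needed to mint one. Suggest either stating that fatcatd shares the secret with fatcat-web and is therefore trusted to issue tokens, or choosing a public-key-signed token format if verify-only is a real requirement. In the same paragraph, the revocation store is marked "optionally", yet the first paragraph wants users to be able to disable API tokens; if that feature is kept, the note should say whether revocation is enforced through the shared store or through short token expiry, and whether cookie tokens and API-key tokens get different lifetimes.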