more auth notes

author: Bryan Newbold <bnewbold@robocracy.org> 2019-01-07 17:44:36 -0800
committer: Bryan Newbold <bnewbold@robocracy.org> 2019-01-07 17:44:36 -0800
commit: 5e138c0cf74c68cbf0892437d9081f4132236ef4 (patch)
tree: ac4eafb78d75e3eddc56f3f69aa6794772ff7be6 /notes/auth.md
parent: 5d5a5648cb480e05c4253c954c71094c7251b65a (diff)
download: fatcat-5e138c0cf74c68cbf0892437d9081f4132236ef4.tar.gz
fatcat-5e138c0cf74c68cbf0892437d9081f4132236ef4.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/notes/auth.md b/notes/auth.md
index 1918dc82..b73ce343 100644
--- a/notes/auth.md
+++ b/notes/auth.md
@@ -201,6 +201,16 @@ Looked at a few other options for managing use accounts:
   public infrastructure.
 - having webface generate macaroons itself
 
+Will probably eventually need to support multiple logins per editor account.
+Shouldn't be too hard, but will require additional API endpoints (POST with
+`editor_id` included, DELETE to remove, etc).
+
+On mobile folks might not be signed in to as many accounts, or it might be
+annoying to enter long/secure passwords (eg, to login to github). Could get
+around this with "login via token via QR code" with long/unlimited expiry.
+Might make more sense to support google OIDC as my guess is that many (most?)
+people have a google account logged in on their phone.
+
 ## Implementation Notes
 
 To start, using the `loginpass` python library to handle logins, which is built
author	Bryan Newbold <bnewbold@robocracy.org>	2019-01-07 17:44:36 -0800
committer	Bryan Newbold <bnewbold@robocracy.org>	2019-01-07 17:44:36 -0800
commit	5e138c0cf74c68cbf0892437d9081f4132236ef4 (patch)
tree	ac4eafb78d75e3eddc56f3f69aa6794772ff7be6 /notes/auth.md
parent	5d5a5648cb480e05c4253c954c71094c7251b65a (diff)
download	fatcat-5e138c0cf74c68cbf0892437d9081f4132236ef4.tar.gz fatcat-5e138c0cf74c68cbf0892437d9081f4132236ef4.zip