From 5e138c0cf74c68cbf0892437d9081f4132236ef4 Mon Sep 17 00:00:00 2001 From: Bryan Newbold Date: Mon, 7 Jan 2019 17:44:36 -0800 Subject: more auth notes --- notes/auth.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/notes/auth.md b/notes/auth.md index 1918dc82..b73ce343 100644 --- a/notes/auth.md +++ b/notes/auth.md @@ -201,6 +201,16 @@ Looked at a few other options for managing use accounts: public infrastructure. - having webface generate macaroons itself +Will probably eventually need to support multiple logins per editor account. +Shouldn't be too hard, but will require additional API endpoints (POST with +`editor_id` included, DELETE to remove, etc). + +On mobile folks might not be signed in to as many accounts, or it might be +annoying to enter long/secure passwords (eg, to login to github). Could get +around this with "login via token via QR code" with long/unlimited expiry. +Might make more sense to support google OIDC as my guess is that many (most?) +people have a google account logged in on their phone. + ## Implementation Notes To start, using the `loginpass` python library to handle logins, which is built -- cgit v1.2.3
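Review bot: The second added paragraph proposes "login via token via QR code" with long/unlimited expiry but does not say how such a token would be revoked or scoped. A QR code is a bearer credential that anyone who photographs or screenshots it can replay, so with unlimited expiry a leaked code stays valid indefinitely. Suggest noting that the QR token should be single-use or short-lived for the handoff only, and exchanged for a separate per-device session that the editor can list and revoke. The first added paragraph has a related gap: for the POST with `editor_id` included and the DELETE, the note should state that the caller must already be authenticated as that editor before a login can be attached or removed, and whether DELETE is allowed to remove the last remaining login on an account.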