From 47adef5e75e06407b6692a64d7d67de620156c70 Mon Sep 17 00:00:00 2001 From: Bryan Newbold Date: Sat, 30 Jun 2018 16:15:29 -0700 Subject: notes from auth research --- notes/auth_thoughts.txt | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 notes/auth_thoughts.txt (limited to 'notes') diff --git a/notes/auth_thoughts.txt b/notes/auth_thoughts.txt new file mode 100644 index 00000000..3ccaf668 --- /dev/null +++ b/notes/auth_thoughts.txt @@ -0,0 +1,12 @@ + +For users: use openid connect (oauth2) to sign up and login to web app. From +web app, can create (and disable?) API tokens + +For impl: fatcat-web has private key to create tokens. tokens used both in +cookies and as API keys. tokens are macaroons (?). fatcatd only verifies +tokens. optionally, some redis or other fast shared store to verify that tokens +haven't been revoked. + +Could use portier with openid connect as an email-based option. Otherwise, +orcid, github, google. + -- cgit v1.2.3
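Review bot: In the "For impl" paragraph, "fatcat-web has private key to create tokens" and "fatcatd only verifies tokens" do not fit together with "tokens are macaroons (?)". Macaroons are built on a chained HMAC over a shared root key, so any service that can verify one holds the same secret needed to mint one. If fatcatd must be verify-only, the note should either name a public-key signed token format, or state that fatcatd shares the root secret and is trusted to the same degree as fatcat-web. The first paragraph also floats "can create (and disable?) API tokens" while the revocation lookup is described as "optionally, some redis or other fast shared store"; disabling a token only takes effect if fatcatd checks revocation on every request or the tokens carry a short expiry, so it would help to record which of the two is intended. Since the same tokens are "used both in cookies and as API keys", consider also noting whether a cookie token and an API token are distinguishable (for example by a caveat or scope field), so that disabling or leaking one kind does not affect the other.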