From 5e138c0cf74c68cbf0892437d9081f4132236ef4 Mon Sep 17 00:00:00 2001
From: Bryan Newbold <bnewbold@robocracy.org>
Date: Mon, 7 Jan 2019 17:44:36 -0800
Subject: more auth notes

---
 notes/auth.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'notes')

diff --git a/notes/auth.md b/notes/auth.md
index 1918dc82..b73ce343 100644
--- a/notes/auth.md
+++ b/notes/auth.md
@@ -201,6 +201,16 @@ Looked at a few other options for managing use accounts:
   public infrastructure.
 - having webface generate macaroons itself
 
+Will probably eventually need to support multiple logins per editor account.
+Shouldn't be too hard, but will require additional API endpoints (POST with
+`editor_id` included, DELETE to remove, etc).
+
+On mobile folks might not be signed in to as many accounts, or it might be
+annoying to enter long/secure passwords (eg, to login to github). Could get
+around this with "login via token via QR code" with long/unlimited expiry.
+Might make more sense to support google OIDC as my guess is that many (most?)
+people have a google account logged in on their phone.
+
 ## Implementation Notes
 
 To start, using the `loginpass` python library to handle logins, which is built
-- 
cgit v1.2.3