BMO/Meetings/2015-03-03

From MozillaWiki
< BMO‎ | Meetings
Jump to: navigation, search
  • [mcote] Walk through the ideal authentication scenario with a GitHub account, logging into MozReview, with BMO in the background.
  • [glob] REST and authenticated GET requests (again)
    • i cannot find any documented reason why we don't allow these
    • industry standard appears to be:
      • http auth over https (not an option)
      • cookie/session
      • query authentication with additional signature parameters
    • we effectively already have a session token, in the form of api_token (not api-keys)
    • i propose:
      • allow user/pass, api-key and api-token+cookie GET requests
  • [glob] dkl asked for a live demo of the modal UI. happy to do so if there's time