BMO/Meetings/2015-03-03
From MozillaWiki
- [mcote] Walk through the ideal authentication scenario with a GitHub account, logging into MozReview, with BMO in the background.
- [glob] REST and authenticated GET requests (again)
- i cannot find any documented reason why we don't allow these
- industry standard appears to be:
- http auth over https (not an option)
- cookie/session
- query authentication with additional signature parameters
- we effectively already have a session token, in the form of api_token (not api-keys)
- i propose:
- allow user/pass, api-key and api-token+cookie GET requests
- [glob] dkl asked for a live demo of the modal UI. happy to do so if there's time