From MozillaWiki
Jump to: navigation, search

The Dog Food milestone

All Arbutus Issues


  • Refresh mockup
  • Paging [http://www.flickr.com/photos/43332657@N06/4475095286/in/pool-raindropdesign/ mockup
  • Notifications
    • Newsletters, Bulk Messages without Conversations
  • Grouping for Filter Points
  • Delivery options for Filter Points
    • Reusing Filter Points above
    • Simple and common UI for choosing how messages are delivered
    • Delivery Options
      • Inflow
      • Bulk Sidebar
      • Nothing
      • Others...
  • Daily Summary
    • A final option when not showing conversations in either the Inflow or Sidebar
    • Every morning a summary of unseen conversations is delivered to the Inflow

Front End

  • Refresh ??
  • Paging ??
  • Reply for Email #78

Back End

  • Sent Mail in Inflow ??
  • Conversation view missing messages #91
  • Performance work??


OAUTH support

Twitter supports oauth for accessing their API, and GMail has enabled oauth for the IMAP and SMTP: http://code.google.com/apis/gmail/oauth/

We should try to convert to using OAUTH tokens instead of storing names/passwords. Here is an outline of the work involved:


A general flow for OAuth with Google is outlined here: http://code.google.com/apis/accounts/docs/OAuth.html

For Raindrop Hosted, we should register with Google: http://code.google.com/apis/accounts/docs/RegistrationForWebAppsAuto.html

We should try to use the HMAC-SHA1 to avoid the certificate storage.

Issue: the registration requires verifying the domain by having Google fetch a file from the domain. This does not work so well for our local box dev setup.

The Python part of Raindrop may want to use the .raindrop file to store the oauth_consumer_key that we receive from Google when registering.

More details:

1) User clicks "Auth with Google" or some such button. That request goes to a Raindrop python API endpoint that will make a request to Google to get a Request Token: http://code.google.com/apis/accounts/docs/OAuth_ref.html#RequestToken

Call the Raindrop API server endpoint _api/oauth/request?provider=gmail. For twitter we could use provider=twitter.

The Python code, when asking for a request token passes oauth_callback=http://raindrop.domain/raindrop/_api/oauth/authorized_request_token

2) When the Python API call gets the Request Token result, it will take the information and send a 302 redirect Google, using a request a specified here: http://code.google.com/apis/accounts/docs/OAuth_ref.html#GetAuth

For the scope= arg use "https://mail.google.com/"

3) After the user confirms the result, Google will send the user back to Raindrop at the http://raindrop.domain/raindrop/_api/oauth/authorized_request_token

Our authorized_request_token Python endpoint will take the oauth_token received as a GET URL param and the use it to contact Google to get an authorized Access Token: http://code.google.com/apis/accounts/docs/OAuth_ref.html#AccessToken

When Google responds to the request, it will give the python code a oauth_token and oauth_token_secret values. These should be saved in the .raindrop file for use with the IMAP and SMTP calls.

The python should redirect the user back to raindrop/signup/auth.html#finished:provider=gmail

The UI will tell the user that we can now connect to Google.

4) run-raindrop.py's sync-messages uses the oauth_token and oauth_token_secret values to construct the IMAP and SMTP requests as outlined here: http://code.google.com/apis/gmail/oauth/

This page outlines the protocol: http://code.google.com/apis/gmail/oauth/protocol.html

there is a Python example here: http://code.google.com/apis/gmail/oauth/code.html


Back end should use the oauth pathways to talk to the message service providers if the oauth= stuff is in the config.