The Dog Food milestone
- Paging [http://www.flickr.com/photos/43332657@N06/4475095286/in/pool-raindropdesign/ mockup
- Newsletters, Bulk Messages without Conversations
- Grouping for Filter Points
- Delivery options for Filter Points
- Reusing Filter Points above
- Simple and common UI for choosing how messages are delivered
- Delivery Options
- Bulk Sidebar
- Daily Summary
- A final option when not showing conversations in either the Inflow or Sidebar
- Every morning a summary of unseen conversations is delivered to the Inflow
- Performance work??
Update hosting version with OAuth support
(i.e. http://raindrop.mozillamessaging.com/ for everyone)
Twitter supports oauth for accessing their API, and GMail has enabled oauth for the IMAP and SMTP: http://code.google.com/apis/gmail/oauth/
We should try to convert to using OAUTH tokens instead of storing names/passwords. Here is an outline of the work involved:
A general flow for OAuth with Google is outlined here: http://code.google.com/apis/accounts/docs/OAuth.html
For Raindrop Hosted, we should register with Google: http://code.google.com/apis/accounts/docs/RegistrationForWebAppsAuto.html
We should try to use the HMAC-SHA1 to avoid the certificate storage.
Issue: the registration requires verifying the domain by having Google fetch a file from the domain. This does not work so well for our local box dev setup.
The Python part of Raindrop may want to use the .raindrop file to store the oauth_consumer_key that we receive from Google when registering.
1) User clicks "Auth with Google" or some such button. That request goes to a Raindrop python API endpoint that will make a request to Google to get a Request Token: http://code.google.com/apis/accounts/docs/OAuth_ref.html#RequestToken
Call the Raindrop API server endpoint _api/oauth/request?provider=gmail. For twitter we could use provider=twitter.
The Python code, when asking for a request token passes oauth_callback=http://raindrop.domain/raindrop/_api/oauth/authorized_request_token
2) When the Python API call gets the Request Token result, it will take the information and send a 302 redirect Google, using a request a specified here: http://code.google.com/apis/accounts/docs/OAuth_ref.html#GetAuth
For the scope= arg use "https://mail.google.com/"
3) After the user confirms the result, Google will send the user back to Raindrop at the http://raindrop.domain/raindrop/_api/oauth/authorized_request_token
Our authorized_request_token Python endpoint will take the oauth_token received as a GET URL param and the use it to contact Google to get an authorized Access Token: http://code.google.com/apis/accounts/docs/OAuth_ref.html#AccessToken
When Google responds to the request, it will give the python code a oauth_token and oauth_token_secret values. These should be saved in the .raindrop file for use with the IMAP and SMTP calls.
The python should redirect the user back to raindrop/signup/auth.html#finished:provider=gmail
The UI will tell the user that we can now connect to Google.
4) run-raindrop.py's sync-messages uses the oauth_token and oauth_token_secret values to construct the IMAP and SMTP requests as outlined here: http://code.google.com/apis/gmail/oauth/
This page outlines the protocol: http://code.google.com/apis/gmail/oauth/protocol.html
there is a Python example here: http://code.google.com/apis/gmail/oauth/code.html
Back end should use the oauth pathways to talk to the message service providers if the oauth= stuff is in the config.