|
|
| Line 32: |
Line 32: |
| === Authentication === | | === Authentication === |
|
| |
|
| | F1, or any other browser feature that uses WMF, does not get involved in the user's authentication with the WebMod's backend server beyond coordinating the WebMod's UI needs. Specifically: |
|
| |
|
| Ideally, F1 would not get involved in authentication other than creating a window for it to happen in. The login window itself could use whatever mechanism it liked for storing the credentials (eg, in localstorage for that domain, a cookie, etc) and the service endpoint (hosted by the same domain as the login url) could read it. F1 need not make any policy decision about how and where anything related to authentication is stored.
| | * WMF asks the WebMod its login status. |
| | | * the WebMod may return a user-information blob, or a "need-to-login" message. |
| The descriptions below attempt to define the postMessage APIs such that the above remains true while (optionally) allowing an app to support multiple concurrent accounts being used (eg, having 2 twitter accounts configured.) But this hasn't been given a huge amount of thought and needs to be carefully considered.
| | * When WMF receives a "need-to-login" message from the WebMod, it opens up a pop-up to the WebMod's preferred login URL. |
|
| |
|
| === F1-Specific Features === | | === F1-Specific Features === |