| Line 42: | Line 42: | ||
** a user-information blob, or | ** a user-information blob, or | ||
** a "need-to-login" message. | ** a "need-to-login" message. | ||
* When WMF receives a "need-to-login" message from the WebMod, it opens up a pop-up to the WebMod's preferred login URL. | * When WMF receives a "need-to-login" message from the WebMod, it opens up a pop-up to the WebMod's preferred login URL, which is indicated as a parameter in the need-to-login message.. | ||
* The WebMod is then responsible for authenticating the user however it sees fit, likely by prompting | * The WebMod is then responsible for authenticating the user however it sees fit, in its own HTML content window, likely by prompting for username and password. (That said, OpenID, OAuth, Verified Email, client-side certs, ... can be used at this point.) | ||
* Once a user has successfully logged in, the WebMod messages WMF back with an optional opaque ''credentials'' JavaScript object, which WMF stores securely. The use of ''credentials'' helps when a user wants to invoke the WebMod with different identities, e.g. two Twitter identities. | * Once a user has successfully logged in, the WebMod messages WMF back with an optional opaque ''credentials'' JavaScript object, which WMF stores securely. The use of ''credentials'' helps when a user wants to invoke the WebMod with different identities, e.g. two Twitter identities. | ||
* WMF then messages the WebMod IFRAME with a ''login()'' call including the ''credentials'' object it received and stored. The WebMod should, at this point, respond with an ''ok'' message including user identity details (display name, username, potentially a profile photo URL, ..) | * WMF then messages the WebMod IFRAME with a ''login()'' call including the ''credentials'' object it received and stored. The WebMod should, at this point, respond with an ''ok'' message including user identity details (display name, username, potentially a profile photo URL, ..) | ||
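Review bot: In the revised need-to-login bullet, the login URL is now taken from a parameter of the WebMod's message, but the text does not say what WMF checks before opening the pop-up. Suggest stating the constraint explicitly, for example that WMF only opens the URL when it is on the WebMod's own origin, since the value is supplied by the WebMod's content. The same bullet ends in a doubled period ("need-to-login message.."), and in the following bullet the parenthetical would read more cleanly without "That said,".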