(Update authentication process.) |
(notes about the blob and PoCo format) |
||
| Line 45: | Line 45: | ||
** Information about the currently logged in user. This information has 2 parts: | ** Information about the currently logged in user. This information has 2 parts: | ||
*** User information returned in Portable Contacts (PoCo) format. This includes information such as their display name, username, preferred avatar, etc. | *** User information returned in Portable Contacts (PoCo) format. This includes information such as their display name, username, preferred avatar, etc. | ||
NOTE: It isn't clear PoCo is the correct choice here. At a minimum we | |||
probably need fields beyond what PoCo offers (eg, URL to the "my account" | |||
page, etc) so we at least need to spec them and also spec which of the | |||
PoCo fields we will actually look for. | |||
*** An optional user-credentials blob which may be stored by the framework. This blob will never be introspected by the framework (ie, it really is a blob) but will be passed back in subsequent ''getLogin'' calls. | *** An optional user-credentials blob which may be stored by the framework. This blob will never be introspected by the framework (ie, it really is a blob) but will be passed back in subsequent ''getLogin'' calls. | ||
** A "need-to-login" json object. This object may contain multiple supported login methods, but in the first version the only supported method will be "dialog", where a service supplied URL is opened in a popup Window. | ** A "need-to-login" json object. This object may contain multiple supported login methods, but in the first version the only supported method will be "dialog", where a service supplied URL is opened in a popup Window. | ||
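Review bot: The added NOTE after the PoCo item raises the field question without answering it, so the spec still does not say which user fields a WebMod must return. Suggest replacing it with two short lists: the PoCo fields the framework will actually read (the item above names display name, username and preferred avatar) and the extra non-PoCo fields such as the "my account" page URL, each marked required or optional. The NOTE is also inserted as hard-wrapped lines with no list marker between two `***` items, which splits the nested list; making it a sub-item of the PoCo bullet or moving it below the list would keep the credentials-blob item attached to "This information has 2 parts".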
| Line 61: | Line 67: | ||
sites manage to handle auth without a special secure storage helper - why | sites manage to handle auth without a special secure storage helper - why | ||
can't WebMods just use those existing practices (and update to better | can't WebMods just use those existing practices (and update to better | ||
practices as they become known and rolled out for the site itself) | practices as they become known and rolled out for the site itself)? | ||
If the credentials blob is a true blob (ie, may contain binary data) then | |||
some consideration might need to be given to passing this around. I suspect | |||
we want to define this as a simple string, and therefore force the WebMod | |||
to do its own encoding before passing it back to us. | |||
==== Logout ==== | ==== Logout ==== | ||
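Review bot: The new paragraph before the Logout heading leaves the blob's type open ("I suspect we want to define this as a simple string"), while the definition earlier on the page still says "it really is a blob", so the two passages now disagree. Suggest settling it in the definition itself: state that the credentials value is an opaque string, that the WebMod is responsible for encoding any binary data before handing it over, and that the framework passes it back unchanged in later ''getLogin'' calls. Since the framework stores this value, it would also help to say here whether there is a length limit and what happens to the stored value on logout.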