On 8/01/2015 04:29, Christopher Karlof wrote:
We support an implicit grant flow, but it requires being able to create BrowserID assertions (which requires an FxA auth server session token, which requires the user’s FxA password at some point). The use case we’re currently targeting with implicit grants is when the user has logged in to one of our user agents (Firefox Desktop, Fennec, FxOS, etc) and needs to access FxA attached APIs (e.g., reading list, profile data, etc.). We’re not so much focused on supporting general server-less apps yet, particularly third-party ones. What use case are you trying to address? FYI, Here’s the API endpoint in the OAuth server to use implicit grants: https://github.com/mozilla/fxa-oauth-server/blob/master/docs/api.md#post-v1authorization
This endpoint is also (soon to be, after branch merge) exposed in PyFxA if you want to play around with the flow:
https://github.com/mozilla/PyFxA/blob/rfk/assertion-and-oauth-helpers/fxa/oauth.py#L118 Cheers, Ryan _______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
