On Wed, Jan 7, 2015 at 9:38 PM, Ryan Kelly <[email protected]> wrote:
> > > On 8/01/2015 04:29, Christopher Karlof wrote: > >> We support an implicit grant flow, but it requires being able to create >> BrowserID assertions (which requires an FxA auth server session token, >> which requires the user’s FxA password at some point). The use case >> we’re currently targeting with implicit grants is when the user has >> logged in to one of our user agents (Firefox Desktop, Fennec, FxOS, etc) >> and needs to access FxA attached APIs (e.g., reading list, profile data, >> etc.). We’re not so much focused on supporting general server-less apps >> yet, particularly third-party ones. What use case are you trying to >> address? >> > I am building a demo of a client-side javascript app that is going to interact with two distinct FxA providers. The first version had a server-side piece but that's gone. The use case is to connect to FxA and use that credential to interact with the two services. > >> FYI, Here’s the API endpoint in the OAuth server to use implicit grants: >> https://github.com/mozilla/fxa-oauth-server/blob/master/docs/api.md#post- >> v1authorization >> > > This endpoint is also (soon to be, after branch merge) exposed in PyFxA if > you want to play around with the flow: > > > https://github.com/mozilla/PyFxA/blob/rfk/assertion-and- > oauth-helpers/fxa/oauth.py#L118 > Great, thanks for the link > > > > Cheers, > > Ryan >
_______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
