On 8/01/2015 18:32, Tarek Ziade wrote:
On Wed, Jan 7, 2015 at 9:38 PM, Ryan Kelly wrote:

On 8/01/2015 04:29, Christopher Karlof wrote:

We support an implicit grant flow, but it requires being able to create BrowserID assertions (which requires an FxA auth server session token, which requires the user’s FxA password at some point). The use case we’re currently targeting with implicit grants is when the user has logged in to one of our user agents (Firefox Desktop, Fennec, FxOS, etc) and needs to access FxA attached APIs (e.g., reading list, profile data, etc.). We’re not so much focused on supporting general server-less apps yet, particularly third-party ones. What use case are you trying to address?

I am building a demo of a client-side javascript app that is going to interact with two distinct FxA providers. The first version had a server-side piece but that's gone. The use case is to connect to FxA and use that credential to interact with the two services.

Yep, the OAuth2 RFC explicitly calls this out as one of the core use-cases for the implicit grant flow:
http://tools.ietf.org/html/rfc6749#section-1.3.2
http://tools.ietf.org/html/rfc6749#section-4.2

Ryan

_______________________________________________
Dev-fxacct mailing list
https://mail.mozilla.org/listinfo/dev-fxacct
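
The client side of the RFC 6749 section 4.2 implicit grant cited in the reply above, as an added example that is not part of the original thread and is not FxA's own API. It shows the generic flow only; the endpoint, client id, redirect URI and the function names are constructed placeholders.

```javascript
// Added example: client side of the RFC 6749 section 4.2 implicit grant.
// The endpoint, client_id and redirect URI are constructed placeholders.
const CONFIG = {
  authorizeUrl: "https://oauth.example.test/v1/authorization",
  clientId: "demo-client-id",
  redirectUri: "https://app.example.test/callback",
  scope: "profile",
};

// Build the authorization request (section 4.2.1). `state` must be an
// unguessable per-request value (e.g. from crypto.getRandomValues()) that
// the app stores, for instance in sessionStorage, before redirecting.
function buildAuthorizationUrl(cfg, state) {
  const url = new URL(cfg.authorizeUrl);
  url.search = new URLSearchParams({
    response_type: "token",
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    scope: cfg.scope,
    state,
  }).toString();
  return url.toString();
}

// Parse the redirect (sections 4.2.2 and 4.2.2.1). The token arrives in the
// URI fragment, which the browser does not send to the redirect_uri server.
function parseImplicitResponse(redirectedTo, cfg, expectedState) {
  const url = new URL(redirectedTo);
  if (url.origin + url.pathname !== cfg.redirectUri) {
    throw new Error("redirect landed on an unexpected URI");
  }
  const params = new URLSearchParams(url.hash.replace(/^#/, ""));
  // Check state first: a mismatch means this response was not produced by
  // the request this page started (CSRF or an injected token).
  if (!expectedState || params.get("state") !== expectedState) {
    throw new Error("state mismatch");
  }
  if (params.has("error")) {
    throw new Error("authorization failed: " + params.get("error"));
  }
  const token = params.get("access_token");
  const type = (params.get("token_type") || "").toLowerCase();
  if (!token || type !== "bearer") {
    throw new Error("missing access_token or unsupported token_type");
  }
  const expiresIn = Number(params.get("expires_in"));
  return { accessToken: token, expiresIn: expiresIn > 0 ? expiresIn : null };
}
```

In a browser, the app would call `parseImplicitResponse(window.location.href, CONFIG, storedState)` on the callback page and then clear the fragment from the address bar so the token does not linger in history.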

