Hi! Over the past couple of months it has become abundantly clear that we (FxA) do not provide sufficient guidance to new OAuth reliers on either the mechanics of integrating with FxA or the responsibilities of doing so. A few quick examples:
1. We have seen multiple instances where "email-first" reliers did not know they needed to integrate with our metrics pipeline. 2. Nearly everyone asks which scopes they need. 3. For GDPR compliance, all reliers should delete user data whenever a user deletes their FxA account. I want to document things like these so that new reliers can get up and running with minimal fuss and minimal confusion. I have started an outline of topics to cover <https://docs.google.com/document/d/18l-EKwDyKwnUYUsvtud7j6AwfOe_ZA93YEkrBIjJe1Y/edit> and am sharing this outline in its infancy to ask for your help in adding topics you feel should be covered. I have cc'd several folks who have recently gone through the integration process and have felt the pain firsthand. They have the best knowledge of anybody about what info they wish they had. Thanks, Shane
_______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
