Open sr229 opened 4 years ago
I reckon we should use Reddit OAuth for third party logins, seeing as we'll be dealing with some stuff from them anyway.
the way I see it we might also add integration from them as well if our URL got posted there
What do you mean?
@Ovyerus Redditbooru automatically checks if certain link exists on Reddit, if it does then it provides some metadata but I don't think we should do that.
Assigning @Ovyerus for this. We can use the OAuth spec for this so you can bother around by supporting Reddit first. You can do Discord as well if it fancies you.
This would be our Login Flow:
redditLink
.
redditLink
, then proceed with just Login, if not, redirect them to the checkpoint page where a reCaptcha page would validate them if its a robot. Once validated, perform a POST to /api/user/
.
We have the option to use two of the following:
an dApps Auth using your Ethereum wallet as your credentials, preferrably MetaMask.
classic SSO by a third party.
This should allow us to implement permissions for #2.