Ovyerus
commented
4 years ago I reckon we should use Reddit OAuth for third party logins, seeing as we'll be dealing with some stuff from them anyway.
Open sr229 opened 4 years ago
Ovyerus
commented
4 years ago I reckon we should use Reddit OAuth for third party logins, seeing as we'll be dealing with some stuff from them anyway.
sr229
commented
4 years ago the way I see it we might also add integration from them as well if our URL got posted there
Ovyerus
commented
4 years ago What do you mean?
sr229
commented
4 years ago @Ovyerus Redditbooru automatically checks if certain link exists on Reddit, if it does then it provides some metadata but I don't think we should do that.
sr229
commented
4 years ago Assigning @Ovyerus for this. We can use the OAuth spec for this so you can bother around by supporting Reddit first. You can do Discord as well if it fancies you.
sr229
commented
4 years ago This would be our Login Flow:
redditLink.
redditLink, then proceed with just Login, if not, redirect them to the checkpoint page where a reCaptcha page would validate them if its a robot. Once validated, perform a POST to /api/user/.
We have the option to use two of the following:
an dApps Auth using your Ethereum wallet as your credentials, preferrably MetaMask.
classic SSO by a third party.
This should allow us to implement permissions for #2.