With an OAuth Consumer as a supported authentication policy in hypothesis/h, the easiest way to negotiate single sign-on would be if the API Token URL pointed to the FxA OAuth Authorization Endpoint with hard-coded client application credentials. When pre-authorized, assuming no problems with third-party cookie restrictions, the Annotator would be transparently redirected back to the API Token Endpoint (different from the URL: the endpoint is the H API while the URL would be FxA) with OAuth Client Authorization credentials.
A slight modification would be to reframe this as a configuration of the Login Endpoint and URL, which might make the flow more sensible for hypothesis/h with respect to populating the session.
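The redirect round trip described above, as an added sketch that is not code from hypothesis/h or FxA: the token URL sends the browser to the authorization endpoint, and the token endpoint accepts the redirect back only if the `state` value matches the session. The URLs, the client id, the function names and the dict-like `session` are assumptions made for the example.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder values constructed for this example; none come from the page.
FXA_AUTHORIZATION_URL = "https://fxa.example/authorization"  # stands in for the FxA OAuth Authorization Endpoint
H_TOKEN_ENDPOINT = "https://h.example/api/token"             # stands in for the H API Token Endpoint
CLIENT_ID = "constructed-client-id"                          # hard-coded client application identifier


def build_token_url(session):
    """Return the URL the Annotator is pointed at (the 'API Token URL')."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state  # bind the outgoing request to this session
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": H_TOKEN_ENDPOINT,
        "state": state,
    })
    return f"{FXA_AUTHORIZATION_URL}?{query}"


def handle_token_endpoint(callback_url, session):
    """Validate the redirect back to the token endpoint and return the code."""
    params = parse_qs(urlsplit(callback_url).query)
    # The state is single use: pop it so a replayed redirect is rejected.
    expected = session.pop("oauth_state", None)
    returned = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(
        expected.encode(), returned.encode()
    ):
        raise PermissionError("state missing or not issued for this session")
    # Not pre-authorized, or cookies blocked: the provider reports an error.
    if "error" in params:
        raise PermissionError("authorization failed: " + params["error"][0])
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]  # exchanged server-side for tokens, then the session is populated
```

The client secret never appears in these redirects; it is only needed in the server-side exchange of the returned code.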