Closed rfk closed 5 years ago
rfk
commented
5 years ago As a quick end-of-week update, this is almost ready to go, I just need to figure out the last couple of tests. I've also split off some of what was previously here into a separate PR over in #2983, so it can be reviewed in smaller chunks.
rfk
commented
5 years ago OK, I think this piece is ready for review, modulo the question about the API docs.
rfk
commented
5 years ago Thanks @shane-tomlinson, I've made the requested changes and this should be ready to merge. Just needs a final r? from either @shane-tomlinson or @vladikoff, and to be redirected to target master once https://github.com/mozilla/fxa-auth-server/pull/2969 has landed.
rfk
commented
5 years ago redirected to target master once #2969 has landed.
Just noting this has been done, and the PR is ready to merge.
Fixes #2933.
Inspired by conversations with @shane-tomlinson and @vladikoff today, I wanted to see what it would look like to move the OAuth /authorization endpoint over to the auth-server, letting us do OAuth authorization grants directly from a sessionToken rather than having to indirect through a BrowserID assertion.
This is a sketch of what the code would look like. It obviously needs tests and docs etc before we could consider using it. But I think it came together pretty OK atop the existing "backend service" abstraction. @shane-tomlinson @vladikoff what do you think, is this worth pursuing further?