Closed vladikoff closed 6 years ago
vladikoff
commented
6 years ago Perhaps we should aim to do this as a point-release so we can carefully QA it (perhaps with that other breaking OAuth change, if we don't manage to confirm it from request logs?)
This is for train-109, I will add a TODO to check Kinto, let me know if there are other ones
vladikoff
commented
6 years ago @rfk and to finally fix the issue we can remove the email boolean in train-110 maybe?
rfk
commented
6 years ago let me know if there are other ones
I can't think of any TBH, at least not any that are so old that they'd be depending on the email being there.
@rfk and to finally fix the issue we can remove the email boolean in train-110 maybe?
👍, assuming that nobody is actually sending it with email: false :-)
Actually, I've been thinking about this wrong. The change is on the
/v1/verifyendpoint, which is not used by OAuth reliers like AMO or Pontoon. It's used by OAuth service providers like fxa-basket-proxy and fxa-profile-server and Kinto. I'm fairly confident our own SPs have been updated, and Kinto has no reason to be using it, so the potential fallout seems lower here.