Closed vladikoff closed 6 years ago
Perhaps we should aim to do this as a point-release so we can carefully QA it (perhaps with that other breaking OAuth change, if we don't manage to confirm it from request logs?)
This is for train-109, I will add a TODO to check Kinto, let me know if there are other ones
@rfk and to finally fix the issue we can remove the email boolean in train-110 maybe?
let me know if there are other ones
I can't think of any TBH, at least not any that are so old that they'd be depending on the email being there.
@rfk and to finally fix the issue we can remove the email boolean in train-110 maybe?
👍, assuming that nobody is actually sending it with email: false
:-)
Actually, I've been thinking about this wrong. The change is on the
/v1/verify
endpoint, which is not used by OAuth reliers like AMO or Pontoon. It's used by OAuth service providers like fxa-basket-proxy and fxa-profile-server and Kinto. I'm fairly confident our own SPs have been updated, and Kinto has no reason to be using it, so the potential fallout seems lower here.