Alex Kocharin schreef op 03-11-14 om 22:34:
03.11.2014, 23:59, "Sam Roberts" <[email protected]>:
Have you considered OAUTH, so that passwords don't flow through your
server at all?
Given the controversy around oauth2 [4]
One loud critic doesn't equate to a controversy.
Yes, it does if arguments he makes are valid.
oauth and oauth2 are completely different things though. First one is a good
thing that worth looking into, although signature is a bit too complex. Second
one isn't even a proper standard, because there is no interoperability.
I'm curious about browserid though. Is it already used somewhere in the wild?
Well by Persona, which is a project originally started by Mozilla.
Unfortunately they dropped it earlier this year though it seems like the
community took over [1][2]. You can still login using Persona on
different Mozilla websites, not sure about it's adoption outside of Mozilla.
Personally I'm not interested in protocols based on HTTP [3]. And the
server I'm currently building uses a very simple JSON (for initial auth)
+ BSON (for data) wire protocol over TCP.
[1] https://github.com/mozilla/persona
[2]
http://identity.mozilla.com/post/78873831485/transitioning-persona-to-community-ownership
[3]
https://groups.google.com/forum/?fromgroups=&hl=nl#!searchin/mozilla.dev.identity/timkuijsten/mozilla.dev.identity/L2ETKkdMv8g/q3ffwFaJgl0J
--
Job board: http://jobs.nodejs.org/
New group rules:
https://gist.github.com/othiym23/9886289#file-moderation-policy-md
Old group rules:
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
---
You received this message because you are subscribed to the Google Groups "nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/nodejs/5457F860.10207%40netsend.nl.
For more options, visit https://groups.google.com/d/optout.
