Re: Merging oauth-server into auth-server
On Thu, Oct 18, 2018 at 1:33 PM Vlad Filippov wrote: > Hi all, > > We are in the process of merging the oauth-server into auth-server[1]. > This has been a proposal for several years now. The best time to do this > was years ago, the second best time is now. > Can we get some discussion of why we didn't build oauth support into `fxa-auth-server` to begin with? I recall there was a desire to isolate potentially security sensitive code (much of which is centralized in the customs server now?). Why are the reasons we made a decision years ago no longer appropriate? Nick ___ Dev-fxacct mailing list Dev-fxacct@mozilla.org https://mail.mozilla.org/listinfo/dev-fxacct
Merging oauth-server into auth-server
Hi all, We are in the process of merging the oauth-server into auth-server[1]. This has been a proposal for several years now. The best time to do this was years ago, the second best time is now. Short-term benefits: - Support Reference Browser login flow - Support Send Tab + OAuth projects - Better developer ergonomics Long-term benefits: - Ability to send emails and push notifications based on OAuth actions - Simplifying auth-server architecture - Hopefully getting rid of assertions - and more! Let me know if you have thoughts on this change, Vlad [1] - https://github.com/mozilla/fxa-auth-server/issues/2668 ___ Dev-fxacct mailing list Dev-fxacct@mozilla.org https://mail.mozilla.org/listinfo/dev-fxacct