On 12/10/14, 10:54 AM, Nick Alexander wrote:
On 09.12.2014 at 18:34, Edwin Wong <[email protected]> wrote:

It would be great if we could sign into FxA via OAuth in the
firefox.com domain. So users don’t have to hand their password to a
3rd party. I don’t know of a facility that would enable this inside an
iOS/Android app.

2) FxA providing Sync keys.  The scheme suggested above, where the App
"only needs" authPW and unwrapBkey gives the requesting App *complete
control of the Firefox Account*.  That's not a thing that should be
handed to any 3rd party, ever.

We have discussed exposing "scoped cryptographic keys" to 3rd party Apps
and/or web content, but I have heard of no particular plans to implement
anything in this direction.

I have particular plans to experiment with this as an extension of the OAuth flow, but it's a low-priority project since we don't have any non-hypothetical consumers of such an API at this time.


  Ryan
_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev
