On 25/06/2016 18:32, Gabriel Ivașcu wrote: >> Longer term, we have a number of new security features in the pipeline >> that will give us better alternatives to just outright blocking >> requests. For example, we will soon allow you to do an email >> confirmation loop that verifies a login as legitimate, no matter how >> "suspicious" the request may have seemed according to our operational >> security rules. > > Will these features be documented somewhere? I'm interested in how the > client flow should work.
They will be documented, as they come online, most likely as part of our API documentation here: https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md However, we're going to try to move away from having FxA consumers directly access this API, and move towards a more traditional OAuth flow that uses this API under the hood. If you're working on integrating FxA/Sync with something specific, I'd love to hear more about it so that we can feed your use-case into our longer-term plans. Cheers, Ryan _______________________________________________ Sync-dev mailing list [email protected] https://mail.mozilla.org/listinfo/sync-dev
