Platform Passwords & Auth Tokens

This is a discussion of where we want to go with auth for the platform (passwords, OAuth tokens, password reset, etc.).

Note: This is a different discussion from private key identity (which can be found over here)

Immediate problems to solve:

  • User wants to change their password
  • User forgets and needs to reset their password
  • User doesn’t want to store “password” in .fission.yaml

Change Password

This can be accomplished with a fairly simple API route and a CLI command that calls that route. For resetting a Heroku password, users can just use curl.

Forgot & Reset Password

For this, we’ll need either email recovery or integration with other services that provide OAuth tokens (e.g. GitHub/Twitter).

Questions/concerns:

  • Where do users sign up with social services? Does the CLI pop open a web browser to acquire tokens?
  • Not all users have email
  • Do we require users to have either email or a linked social account?

Don’t store “password” in .fission.yaml

We’ll need to create an OAuth token for our application that is obtained at login and stored in .fission.yaml instead of the password.
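
One way the CLI side of this swap could look, as an added example that is not Fission's own code: it replaces a stored password with a login token, keeps the file owner-only, and audits an existing config. The key names `password` and `token`, the flat `key: value` layout of .fission.yaml, and the function names are assumptions.

```python
import os
import stat
import tempfile

# Assumed key names; the page does not specify the layout of .fission.yaml.
SECRET_KEYS = ("password",)
TOKEN_KEY = "token"


def store_token(config_path, token):
    """Replace any stored password with a login token; result is owner-only."""
    if not token or any(c in token for c in '"\\\r\n'):
        raise ValueError("token must be a non-empty single-line opaque string")
    kept = []
    if os.path.exists(config_path):
        with open(config_path, encoding="utf-8") as fh:
            for line in fh:
                key = line.split(":", 1)[0].strip()
                # Drop the old password and any stale token; keep the rest.
                if key in SECRET_KEYS or key == TOKEN_KEY:
                    continue
                kept.append(line if line.endswith("\n") else line + "\n")
    kept.append(f'{TOKEN_KEY}: "{token}"\n')

    # mkstemp creates the file with mode 0600; renaming it into place is
    # atomic, so a crash never leaves a half-written or world-readable secret.
    directory = os.path.dirname(os.path.abspath(config_path))
    fd, tmp_path = tempfile.mkstemp(dir=directory, prefix=".fission.")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.writelines(kept)
        os.replace(tmp_path, config_path)
    except BaseException:
        os.unlink(tmp_path)
        raise


def audit_config(config_path):
    """Return findings: group/other access bits set, or a password key present."""
    findings = []
    mode = stat.S_IMODE(os.stat(config_path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:o} grants group/other access")
    with open(config_path, encoding="utf-8") as fh:
        for line in fh:
            if line.split(":", 1)[0].strip() in SECRET_KEYS:
                findings.append("plaintext password key present")
    return findings
```

A token stored this way is still a bearer credential at rest, so it only improves on the password if the server can revoke it and it does not grant password-change rights.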