This is a discussion of where we want to go with auth for the platform (passwords, OAuth tokens, password reset, etc.).
Note: This is a different discussion from private key identity (which can be found over here)
Immediate problems to solve:
- User wants to change their password
- User forgets and needs to reset their password
- User doesn’t want to store “password” in .fission.yaml
Change Password
This can be accomplished with a fairly simple API route and a CLI command that calls that route. For resetting a Heroku password, users can just use curl.
Forgot & Reset Password
For this, we’ll need either email recovery or integration with other services that provide OAuth tokens (i.e. GitHub/Twitter).
Questions/concerns:
- where to sign up with social services? CLI pops open a web browser to acquire tokens?
- not all users have email
- do we require users to have either email or a linked social account?
Don’t store “password” in .fission.yaml
We’ll need to create an OAuth token for our application that is obtained on login and stored in .fission.yaml instead of the password.