April 10, 2013
1 a.m.
For the GSoC REST API project, I've been wondering about how authentication would work.
OAuth is a way to go if we want authenticated/signed requests. I have a few questions regarding that.
Will Mailman core become an OAuth provider, with Postorius/API being the consumers?
If the answer to the above is no, is the plan to support populer OAuth providers like Facebook/Twitter ? (If not, can you guys please explain how would the authentication protocol really work?)
Since Postorius is already using Mozilla Persona, can that also be used to provide authentication to API clients?
Am I over-thinking this? :)
Thanks!