Discussion:
Goldilocks API?
Andrew Ducker
2015-03-15 16:47:06 UTC
Permalink
Was the Goldilocks API ever published?

At the moment I've got a situation where occasionally my own login cookies let the user in, and then a few seconds later Persona says "Oh no you're not!" and effectively forces a logout.

If I remember correctly the API was going to let you run in a mode where we could use our own method to maintain login status, and just call Persona whenever we needed to log in.

Thanks,

Andy
b***@livefyre.com
2015-03-17 07:30:14 UTC
Permalink
Post by Andrew Ducker
Was the Goldilocks API ever published?
At the moment I've got a situation where occasionally my own login cookies let the user in, and then a few seconds later Persona says "Oh no you're not!" and effectively forces a logout.
If I remember correctly the API was going to let you run in a mode where we could use our own method to maintain login status, and just call Persona whenever we needed to log in.
Thanks,
Andy
FWIW That is how I've interpreted OIDC to work, and it has some nice properties for certain use-cases.

OP-initiated logout is still possible, if the RP wants to obey it: http://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification
Ricky G
2016-05-03 05:57:29 UTC
Permalink
Post by Andrew Ducker
Was the Goldilocks API ever published?
At the moment I've got a situation where occasionally my own login cookies let the user in, and then a few seconds later Persona says "Oh no you're not!" and effectively forces a logout.
If I remember correctly the API was going to let you run in a mode where we could use our own method to maintain login status, and just call Persona whenever we needed to log in.
Thanks,
Andy
Harry Percival
2016-05-03 06:32:39 UTC
Permalink
I came across a javascript shim Dan wrote that essentially wraps the
observer API to give you the goldilocks api:

https://gist.github.com/callahad/6807882

(discussion here
https://groups.google.com/forum/#!topic/mozilla.dev.identity/z-mVqMCwAN4)

all slightly forlorn and moot now that persona is being retired, boo hoo.
Post by Andrew Ducker
Post by Andrew Ducker
Was the Goldilocks API ever published?
At the moment I've got a situation where occasionally my own login
cookies let the user in, and then a few seconds later Persona says "Oh no
you're not!" and effectively forces a logout.
Post by Andrew Ducker
If I remember correctly the API was going to let you run in a mode where
we could use our own method to maintain login status, and just call Persona
whenever we needed to log in.
Post by Andrew Ducker
Thanks,
Andy
_______________________________________________
dev-identity mailing list
https://lists.mozilla.org/listinfo/dev-identity
Loading...