Commit 4188ba4

Fix some inconsistencies in the proposal
None of these materially change the proposal, but clarify its meaning

* fix PR link in header
* remove command-line logins as a requirement (since it's not met)
* remove mention of temporary credentials in "big picture"
* include a sentence confirming that the resulting credentials are not temporary (this was already implicit)
1 parent e6ee369 commit 4188ba4

1 file changed

+4
-3
lines changed

rfcs/0147-third-party-login.md

Lines changed: 4 additions & 3 deletions
@@ -1,5 +1,5 @@
11
# RFC 147 - Third-Party Login
2-
* Comments: [#147](https://api.github.com/repos/taskcluster/taskcluster-rfcs/issues/147)
2+
* Comments: [#147](https://github.com/taskcluster/taskcluster-rfcs/pull/147)
33
* Proposed by: @djmitche
44

55
# Background
@@ -59,7 +59,6 @@ The page presents the requested information to the user for consent, and then re
5959

6060
## Requirements
6161

62-
* Support command-line logins
6362
* Support third-party logins
6463
* Support issuing limited-authorization credentials
6564
* Support whitelisting some third parties
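Review bot: Dropping `* Support command-line logins` from the Requirements list leaves the RFC silent on command-line logins, so a reader cannot tell whether they were considered and excluded or simply overlooked. Since the commit message says the requirement is not met, consider saying so in the document itself, for example with a short line after the list noting that command-line logins are not addressed by this proposal.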
@@ -78,7 +77,7 @@ The result is similar to a normal OAuth authorization-code flow, but resulting i
7877
## Implementation
7978

8079
The "big picture" here is that a Taskcluster deployment acts as an OAuth2 authorization server and resource server.
81-
The "resource" that the deployment protects is temporary Taskcluster credentials.
80+
The "resource" that the deployment protects is Taskcluster credentials.
8281
Thus a client carries out a standard OAuth2 authorization transaction, then uses the resulting `access_token` to request Taskcluster credentials as needed.
8382

8483
The deviations from OAuth2 are as follows:
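Review bot: In the "big picture" paragraph, once "temporary" is removed the sentence `The "resource" that the deployment protects is Taskcluster credentials.` no longer tells the reader anything about the lifetime or revocability of what the `access_token` can fetch, while the next sentence still says credentials are requested "as needed". A short qualifier here (for example, that these are credentials for a client that can be disabled) would make it clear at the overview level that the `access_token` guards non-temporary credentials and how they are controlled.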
@@ -213,6 +212,8 @@ The client indicated in the credentials has the clientId described above, and as
213212
It will be automatically disabled if the user's access no longer satisfies its scopes.
214213
The client can also be disabled or deleted manually in the event of compromise.
215214

215+
This endpoint does not produce temporary credentials, as such credentials are not revocable.
216+
216217
## Transition Period
217218

218219
The new flow proposed here will be implemented on the new deployment scheduled to go into production in September 2019.
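Review bot: The added sentence `This endpoint does not produce temporary credentials, as such credentials are not revocable.` only says what the endpoint does not return. It would be clearer stated positively and tied to the two context lines above it: the credentials belong to the client, so they are revoked by disabling or deleting that client. If the RFC does not already say whether these credentials carry an expiration, this is the place to say it, since without one revocation is the only control on their lifetime.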
