On Wed, 2022-02-09 at 17:44 +0000, Daniel P. Berrangé wrote: > > I've not seen this kind of auth dance implemented in any software > other than TV streaming apps, and not bugzilla and not any other > bug tracker I've come across. So it is not a practical solution > today, more of a thought experiment on how API tokens could > possibly be made less awful to acquire for something like Anaconda > or Abrt. Firefox does something similar for signing new instances of Firefox into your account for syncing. I've also seen it on a couple other things but can't quite put my finger on what at the moment. The other way we handle something like this is for FAS authentication; if you try and use e.g. the Bodhi CLI client without being logged in, it will print a browser URL and try to open a browser at that URL automatically, you log in through the browser and a key/token is made available to the app to store for future non-interactive logins. But really, the problem here is not so much "let's come up with an elegant design" as "um it seems like things are going to break catastrophically in 19 days, we need to do something really quite urgently to make that not happen". -- Adam Williamson Fedora QA IRC: adamw | Twitter: adamw_ha https://www.happyassassin.net _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
