ubuntu-phone team mailing list archive
Mailing list archive
Re: Code for Google Online account?
That's awesome and what we need for the project:
So reading up on HTTP auth -here I come!
Vänlig hälsning / Yours sincerely,
Student, Political Science
ons 2014-08-20 klockan 09:50 +0300 skrev Alberto Mardegan:
> On 08/20/2014 12:09 AM, Michał Sawicz wrote:
> > W dniu 19.08.2014 o 16:32, Daniel Holm pisze:
> >> Since I don't really know that that means anyways I'm inclined to ask
> >> what the issue with http(s) auth would be; that we would have to store
> >> username and password instead of a key?
> > Yes, and not having control over what has access to (what) in your
> > account. Basically until you change your password, the account service
> > has full access to your ownCloud.
> In Ubuntu Touch case, this is not 100% correct: while it's true that you
> cannot control what an application will do once it gets the ownCloud
> username and password, we *do* control what applications have access to
> the ownCloud account.
> When the account is first created, no application can use it. Once an
> application requests to use the ownCloud account, the user will be
> presented with a visual choice (authorize the app for this account,
> authorize the app for a new ownCloud account, or deny). Until the access
> is authorized, the application will not be able to retrieve the ownCloud
> (OAuth is generally better because it has the concept of "permission
> scopes", but OTOH not all services using OAuth make use of that feature)