This is a blueprint to discuss the way all desktop apps can ask for access to a launchpad account:
Front End GUI design
- A user would be presented with a choice of identifying themselves via login or creating a new user account
- Both of these things would throw open a web browser and request a special token which permits the application to act on behalf of launchpad when granting further tokens.
- The user would authenticate in the browser and then permit access to the account (No option must be given about the kind of access, only an accept or deny and a warning about the great power being bestowed)
- The user's account would then appear in the GUI and the app would allow you to see a list of credentials passed on, or delete this account (and all credentials passed on).
- We also provide a button to add further accounts, but this isn't expected to be used very often, but it is a requested feature from community/corporate split programmers with two accounts.
- When an application needs access to an account, it requests access and the user then gets a GUI to allow or deny access for the application. Possibly displaying a list of permission options.
Back End design
This system needs to have a fairly flexible backend and we should base it on dbus to make sure it's easy to use for any application no matter the language:
- The user would have an account in launchpad logged in as described above.
- An application makes a request over dbus to have access to a lp account.
- It could also ask for a list of accounts set up.
- The credential for the system is used to authenticate with launchpad
- Then the system creates a new token with access rights just for that app.
- The credential _data_ is passed back to the application.
Please make your thoughts known here.