While Mozilla does not intend to micro-manage any CA, the final arrangements for management and processes and infrastructure to be used by the combined company is of interest and potential concern to us.
It would not be appropriate for a CA to escape root program sanction by restructuring, or by purchasing another CA through M&A and continuing operations under that CA’s name, essentially unchanged.
Thus, there may be an inverse relationship between the number of scopes requested and the likelihood of obtaining user consent.
Before you start implementing OAuth 2.0 authorization, we recommend that you identify the scopes that your app will need permission to access.
Mozilla has taken an interest in such transfers, and there is the potential for trust adjustments based on the particular circumstances.
The following steps show how your application interacts with Google's OAuth 2.0 server to obtain a user's consent to perform an API request on the user's behalf.
Your application must have that consent before it can execute a Google API request that requires user authorization.
If you are using Google APIs client library for Java Script to handle the OAuth 2.0 flow, your first step is to configure the objects.
It is a best practice to use well-debugged code provided by others, and it will help you protect yourself and your users.
See the JS Client Library tabs in this document for examples that show how to authorize users with the Google APIs Client Library for Java Script.
In this flow, your app opens a Google URL that uses query parameters to identify your app and the type of API access that the app requires.