Login to SL without the Proxy

[Terreii]

Is your feature request related to a problem? Please describe.
The Third-Party Viewer Policy section 4.d prohibits the transmission of usernames and passwords to other Servers then LindenLabs.

But LindenLab did implement a login endpoint for Web based viewers to allow SpeedLight to log in.

This endpoint should also be used by Andromeda.

Describe the solution you'd like
Contact OZ and discuss how the login endpoint could be used.

Describe alternatives you've considered
Not be listed on the Third Party Viewer Directory.

Additional context
The endpoint uses the Access-Control-Allow-Origin, Access-Control-Allow-Headers and Access-Control-Allow-Methods headers.

Things to figure out:

• What are the requirements for the login?
  • Is there a URL allow-list?
  • Is JSON usable? It is implemented as one of the LLSD formats.
  • What of the process is allowed to be public?
  • What is the expected time frame until the changes are merged back into the standard login URL?
• Capabilities
  • Are the LLSD based capabilities directly accessible for a browser?
  • Can the textures be loaded by a browser?
• UDP
  • Is there a posiblility for a browser to connect to a SIM through WebSockets or WebRTC's RTCDataChannel.
  • Or if not: are the plans for encrypting the UDP stack?

More to come after the Mail exchange.

[Terreii]

OK, LL uses a allow-list on the origin.
Future plans:

• Continue as usual for now.
• When releasing:
  • Block all sign up and anonymous logins.
  • Give LL a way to authenticate the viewer.
• Then add the necessary changes.
• Unblock sign up and anonymous logins once the viewer is added to the allow list.