Bugzilla:OpenID Auth Plugin: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(Initial draft)
 
(Removing 8 year old information about my attempt to hack OpenID in, and linking to a current BZ plugin that might actually work)
 
(15 intermediate revisions by 6 users not shown)
Line 1: Line 1:
This page is a specification of how OpenID authentication should work in Bugzilla. Work is currently underway on the feature.  In OpenID nomenclature, this is about making Bugzilla an OpenID "consumer".
This page is a specification of how OpenID authentication should work in Bugzilla. In OpenID nomenclature, this is about making Bugzilla an OpenID "consumer".


'''[http://openid.net OpenID]''' is a decentralized authentication system which allows web server applications such as Bugzilla (known as "consumers") to authenticate users by URI.  Through three different two-way conversations (user to consumer, user to server, consumer to server), the consumer can test a user's ownership of a URI without having to receive a password directly from the user, thus not needing to collect and store passwords.
'''[http://openid.net OpenID]''' is a decentralized authentication system which allows web server applications such as Bugzilla (known as "consumers") to authenticate users by URI.  Through three different two-way conversations (user to consumer, user to server, consumer to server), the consumer can test a user's ownership of a URI without having to receive a password directly from the user, thus not needing to collect and store passwords.


== Open Issues ==
== Status ==


*  Where should the OpenID URI be stored?
Jacky Alcine has written a [https://github.com/jalcine/bugzilla-openid Bugzilla OpenID plugin available on GitHub].
** Currently using profiles/extern_id.  Long term should probably be its own field, and longer than 64 bytes.
*  Should user log in using email or by OpenID
** Currently still using email.  Might work on using in conjunction with [https://bugzilla.mozilla.org/show_bug.cgi?id=218917 Myk Melez's patch for arbitrary BZ names], but want to get something working first.
*  Should email verification process still occur
** There doesn't appear to be any way around it, as there's no way to query an OpenID server for an email address.


== Other Links ==
== Other Links ==
* [http://comments.gmane.org/gmane.comp.bug-tracking.bugzilla.devel/4695 Discussion on developers@bugzilla.org]
* [http://comments.gmane.org/gmane.comp.bug-tracking.bugzilla.devel/4695 2005-06-27 - Initial exploratory discussion on developers@bugzilla.org]
* [https://bugzilla.mozilla.org/show_bug.cgi?id=294608 Bugzilla ticket for OpenID support]
* [https://bugzilla.mozilla.org/show_bug.cgi?id=294608 Bug 294608 - "Support OpenID as a an account source and login verification method"]
* [http://lists.danga.com/pipermail/yadis/2005-June/thread.html#951 Taint safety discussion on OpenID dev list]
* [http://comments.gmane.org/gmane.comp.bug-tracking.bugzilla.devel/4706 2005-07-01 - Design discussion on developers@bugzilla.org]
 
[[category:Bugzilla|OpenID Auth Plugin]]

Latest revision as of 18:47, 30 March 2013

This page is a specification of how OpenID authentication should work in Bugzilla. In OpenID nomenclature, this is about making Bugzilla an OpenID "consumer".

OpenID is a decentralized authentication system which allows web server applications such as Bugzilla (known as "consumers") to authenticate users by URI. Through three different two-way conversations (user to consumer, user to server, consumer to server), the consumer can test a user's ownership of a URI without having to receive a password directly from the user, thus not needing to collect and store passwords.

Status

Jacky Alcine has written a Bugzilla OpenID plugin available on GitHub.

Other Links

Retrieved from "https://wiki.allizom.org/index.php?title=Bugzilla:OpenID_Auth_Plugin&oldid=642579"