Bugzilla:OpenID Auth Plugin: Difference between revisions

Bugzilla:OpenID Auth Plugin (view source)

183 bytes added , 11 September 2006

Can use OpenID SREG for email exchange

2

edits

@@ Line 22: / Line 22: @@
 ** Currently still using email.  Might work on using in conjunction with [https://bugzilla.mozilla.org/show_bug.cgi?id=218917 Myk Melez's patch for arbitrary BZ names], but want to get something working first.
 *  Should email verification process still occur?
-** There doesn't appear to be any way around it, as there's no way to query an OpenID server for an email address.  That may mean that [http://lid.netmesh.org/ LID] or FOAF is also needed to make this work in a way that doesn't require an email verification ping-pong.  Current version must be used in tandem with DB.
+** There doesn't appear to be any way around it, as there's no way to query an OpenID server for an email address.  That may mean that [http://lid.netmesh.org/ LID] or FOAF is also needed to make this work in a way that doesn't require an email verification ping-pong. (Take a look at [http://openid.net/specs/openid-simple-registration-extension-1_0.html OpenID Simple Registration Extension], it will do what you want and is supported by many IdPs).  Current version must be used in tandem with DB.
 *  Should a confirm hash style verification (ala Mailman or GForge) be created, as opposed to mailing a password to the user
 **  Awaiting fix for [https://bugzilla.mozilla.org/show_bug.cgi?id=87795 Bugzilla Bug 87795 Creating an account should send token and wait for confirmation (prevent user account abuse)]