Bugzilla:OpenID Auth Plugin: Difference between revisions

Can use OpenID SREG for email exchange
m (category:Bugzilla)
(Can use OpenID SREG for email exchange)
Line 22: Line 22:
** Currently still using email.  Might work on using in conjunction with [https://bugzilla.mozilla.org/show_bug.cgi?id=218917 Myk Melez's patch for arbitrary BZ names], but want to get something working first.
** Currently still using email.  Might work on using in conjunction with [https://bugzilla.mozilla.org/show_bug.cgi?id=218917 Myk Melez's patch for arbitrary BZ names], but want to get something working first.
*  Should email verification process still occur?
*  Should email verification process still occur?
** There doesn't appear to be any way around it, as there's no way to query an OpenID server for an email address.  That may mean that [http://lid.netmesh.org/ LID] or FOAF is also needed to make this work in a way that doesn't require an email verification ping-pong.  Current version must be used in tandem with DB.
** There doesn't appear to be any way around it, as there's no way to query an OpenID server for an email address.  That may mean that [http://lid.netmesh.org/ LID] or FOAF is also needed to make this work in a way that doesn't require an email verification ping-pong. (Take a look at [http://openid.net/specs/openid-simple-registration-extension-1_0.html OpenID Simple Registration Extension], it will do what you want and is supported by many IdPs).  Current version must be used in tandem with DB.
*  Should a confirm hash style verification (ala Mailman or GForge) be created, as opposed to mailing a password to the user
*  Should a confirm hash style verification (ala Mailman or GForge) be created, as opposed to mailing a password to the user
**  Awaiting fix for [https://bugzilla.mozilla.org/show_bug.cgi?id=87795 Bugzilla Bug 87795 Creating an account should send token and wait for confirmation (prevent user account abuse)]
**  Awaiting fix for [https://bugzilla.mozilla.org/show_bug.cgi?id=87795 Bugzilla Bug 87795 Creating an account should send token and wait for confirmation (prevent user account abuse)]