Open JonTheNiceGuy opened 5 years ago
JonTheNiceGuy
commented
5 years ago The OpenID provider's URL is the only reliable part of the authentication. Everything else is "optional". That said, we could use email as the primary authentication format, and where it isn't provided, use sha1(openid_url) . "@no_email"
JonTheNiceGuy
commented
5 years ago From @ymauray on October 28, 2015 17:11
Ok that makes sense. However, I'm not sure Google sends back something that resembles an OpenID provider's URL. I'm not sure Yahoo does either, even though they are an full fledge OpenID provider. I'm gonna have to check.
From @ymauray on October 28, 2015 11:55
Should the OpendID provider's url be a part of the authentication ? For exemple, if I'm not mistaken, if I log in with my launchpad account which is linked to my main email address, I don't have the same user ID than if I log in with my flickr account, even though it's linked to the same email adresse.
Should the email be the only identifier ? In which case, we could remove the strOpenID column from the database, and add a UK to strEMail.
Copied from original issue: CCHits/cchits-next-wishlist#3