Feature: OpenID Authentication

SockDrawer / SockRPG

SockRPG: A Forum built by role players, for roleplayers

MIT License

2 stars 1 forks source link

Feature: OpenID Authentication #3

Open yamikuronue opened 9 years ago

yamikuronue commented 9 years ago

User Story: Authentication

As a roleplayer on Livejournal, Facebook, or Wordpress I want to be able to join quickly and easily So that I don't have to remember another password

Scenario: Account creation with OpenID

Given I do not have an account When I authenticate with an OpenID account Then an account should be created And I should be logged in

Scenario: Login with OpenID

Given I have an account When I authenticate with an OpenID token Then I should be logged in

TwelveBaud commented 9 years ago

Does this also cover other STS providers/systems, like WS-Authentication, OAuth 2.0, Personas, or Shibboleth?

Does this also cover other OpenID providers, such as WordPress, Facebook, and Twitter?

What's the story for users with multiple OpenID accounts? Do they each get a separate forum account, or is there a provision for "many keys, one door"?

yamikuronue commented 9 years ago

No to the first; I worded it specifically because I know we want OpenID but we hadn't finished deciding on the others, so they get their own tickets.

Yes on the second. The use case that sold me on OpenID was LJ, but we should support all of them if we do one.

Good question on the third. When we figure it out, we should add a third test scenario to the story :)

yamikuronue commented 9 years ago

To complete this issue:

Wire together #38 #39 and #40
Write tests that validate acceptance criteria

Issue is complete when tests pass

AccaliaDeElementia commented 8 years ago

we're going to defer this for now. we'll add authentication via openID once the forum is more complete.

we can go a few sprints without authentication to get the basic structure working and that will make it easier to integrate openid.

yamikuronue commented 8 years ago

This may or may not be feasible after all, because each site might have to register with each OpenID provider: https://github.com/learning-layers/openid-connect-button

yamikuronue commented 8 years ago

Also, we were looking at Passport.JS for this

yamikuronue commented 8 years ago

(Copied from another ticket for posterity)

I took a stab at a design, what do you guys think?

https://gomockingbird.com/projects/tkcjhzo

(Slideshow form: https://docs.google.com/presentation/d/1qWGyGiQLulmbxg2VwEOnJlnJ9w_KV-_Vafehd10BVDg/edit?usp=sharing ) The avatar bit is out of scope for this story, and the colors are totally irrelevant.