email should be case insensitive

anvilresearch / connect

A modern authorization server built to authenticate your users and protect your APIs

http://anvil.io

MIT License

361 stars 85 forks source link

email should be case insensitive #344

Open PetrSnobelt opened 7 years ago

PetrSnobelt commented 7 years ago

Hello, I figured out that the email used for logging depends on uppercase and lowercase letters.

Is there any way how to disable this. I think email should be case insensitive.

Thank you Petr

dmitrizagidulin commented 7 years ago

I agree. Given that the underlying persistence (Redis) treats keys as case-sensitive, but emails are generally understood (by users, and by the actual email spec) to be case-insensitive, this gets us into several confusing situations.

dmitrizagidulin commented 7 years ago

Specifically, I think email addresses should be forced to lowercase by the registration code, at user signup / account creation. Similarly at login time (if you're using the email / password strategy)