arow-oss / goat-guardian

Reverse proxy that handles authentication
MIT License

support email-based login flow #2

Closed cdepillabout closed 6 years ago

cdepillabout commented 6 years ago

It would be nice to support an email/password registration and login flow in addition to OAuth.

This would be a little bit more complicated than OAuth, requiring possibly support from the upstream server.

The general sign-up flow should work like this:

goat-guardian could provide default pages for requesting the user's email address and password. These should be able to be overridden by the upstream app.

cdepillabout commented 6 years ago

One question to figure out is how to send the user an email. Can we use sendmail on the host system? Or maybe we should be using Amazon's SES?

It would be nice to give the user a choice of how to send the email. Also, it might be nice to provide a way for goat-guardian to delegate sending an email to the upstream host.

cdepillabout commented 6 years ago

Because of the complexities of this, I don't think we should aim for the MVP for this feature.

arowM commented 6 years ago

I have a question. What are you planning to do just after the MVP release? Just publishing to hackage (and stackage), or also posting to reddit (and/or any service)? The requirements for the MVP vary depending on the perspective.

cdepillabout commented 6 years ago

@arowM I think we could debate about what to do after the MVP release, and which features to add to the MVP. I created a different issue to track that: https://github.com/arow-oss/goat-guardian/issues/3

arowM commented 6 years ago

> One question to figure out is how to send the user an email.

I guess sendmail is enough for a proof of concept of goat guardian.

> Also, it might be nice to provide a way for goat-guardian to delegate sending an email to the upstream host.

I guess the easiest and most flexible way is to have the end user create an API endpoint as follows, and specify the API path.

```
$ curl -H "Content-Type: application/json" -X POST -d '
{ "title": "title",
  "to": "email address to send",
  "from": "email address to send from",
  "body": "email body"
}
' http://some/api/path/to/send/email | jq

{
  "result": 0
}
```

cdepillabout commented 6 years ago

At https://github.com/arow-oss/goat-guardian/issues/3#issuecomment-402036825, @arowM also noted that we will eventually need to add support for the following actions as well:

arowM commented 6 years ago

Other features supposed to be supported are:

arowM commented 6 years ago

> goat-guardian could provide default pages for requesting the user's email address and password. These should be able to be overridden by the upstream app.

I had expected that goat-guardian would provide a JSON web API instead of a login HTML page. Is this just to simplify the explanation, or is it supposed to provide an HTML page rather than a JSON web API?

cdepillabout commented 6 years ago

> > goat-guardian could provide default pages for requesting the user's email address and password. These should be able to be overridden by the upstream app.
>
> I had expected that goat-guardian would provide a JSON web API instead of a login HTML page. Is this just to simplify the explanation, or is it supposed to provide an HTML page rather than a JSON web API?

I agree with this.

Ideally, goat-guardian would provide both a JSON web API and a login HTML page.

The JSON web API will be used by most people who want to code their own login page (using their own templates, HTML, CSS, styling, etc). The login HTML page provided by goat-guardian would be used by people who just want to get something running fast and don't care that the login page looks different from the rest of their app.

However, upon thinking about it, creating an HTML login page for goat guardian may be out of scope for this issue.

The first implementation of this email-based login should just provide a JSON web API.

cdepillabout commented 6 years ago

The functionality for doing email verification has been added to the master branch.

The only functionality that is missing is making sure that the verification URLs emailed to the user actually expire. However, this should be relatively easy to add, so maybe we can add it after doing the proof of concept release.

cdepillabout commented 6 years ago

I created #22 to track the verification URLs expiring. I'll close this issue since the rest of the functionality is available.
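
The expiry gap mentioned in the last two comments, as an added example that is not goat-guardian's code and not taken from this thread: one common way to make an emailed verification URL expire is to put the expiry time in the token and authenticate it with an HMAC. The key, lifetime, function names and `app.example` URL are all assumptions for illustration.

```python
import base64
import hashlib
import hmac
import time

# Constructed demo key (assumption); load a random secret from config in practice.
SECRET_KEY = b"constructed-demo-key"
TOKEN_TTL_SECONDS = 24 * 60 * 60  # assumed lifetime of a verification link


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(payload):
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()


def make_token(email, now=None):
    """Return '<payload>.<mac>'; the payload binds the email to an expiry time."""
    issued = time.time() if now is None else now
    payload = f"{int(issued) + TOKEN_TTL_SECONDS}:{email}".encode("utf-8")
    return f"{b64url_encode(payload)}.{b64url_encode(sign(payload))}"


def verify_token(token, now=None):
    """Return the verified email, or None if malformed, forged or expired."""
    current = time.time() if now is None else now
    try:
        payload_part, mac_part = token.split(".")
        payload, supplied = b64url_decode(payload_part), b64url_decode(mac_part)
    except ValueError:  # wrong shape or bad base64 (binascii.Error is a ValueError)
        return None
    # Authenticate first, in constant time, before parsing any field.
    if not hmac.compare_digest(supplied, sign(payload)):
        return None
    expires_text, _, email = payload.decode("utf-8").partition(":")
    if current >= int(expires_text):
        return None
    return email


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    url = "https://app.example/verify?token=" + make_token("user@example.com", t0)
    print(url)
```

A stateless token like this stays valid until it expires, so making a link single-use additionally requires recording redeemed tokens on the server.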