search

bmillwood / flexiprocity

1 stars 0 forks source link

show names for non-friends #7

Closed bmillwood closed 6 months ago

bmillwood commented 1 year ago

People with visibility = everyone will show up to non-friends by fbid. I'd like to store name and profile picture for them.

This does raise the question of whether name should be customizable or forced to be the same as the Facebook name. Some ocnsiderations:

  1. Should check if Facebook profile links (with app-scoped IDs) work for people who aren't friends with each other. If they do, then you can always see someone's Facebook name, and it seems harmless for their reciprocity name to be different.
  2. If I don't expose arbitrary name editing, it seems potentially bad to have the capability still exist on the backend, which would naturally lead to having the auth-server fetch profiles and put the name in the jwt.
  3. How much of an issue is impersonation? Seems like not much of an issue except where it leads to information disclosure to an unintended person, which it might do once we start sending e-mails. (The other case is where you match with someone, but it's an impersonator instead of the real person. That's embarrassing, but probably not so bad.)
bmillwood commented 6 months ago

da26428ae7c84714e1080a9c86504c8f965bb783 stores and shows names; no UI for name-editing yet (see #22)