karger
commented
8 years ago This API would certainly be useful. But I don't think there's a need to generate random usernames. We need a UID on datahub (which doesn't need to be random) but a given application could decide to associate its own usernames with that UID. Datahub could store the association between (app-specific) usernames and UIDs. In a sense, username is a front-end concept. In datahub we probably want to associate UID with an email address to let the user claim it later, but we don't have to force the username to be the email address either. And in general I think it will be good to let people have different usernames on different applications.
Not sure it is part of this issue, but when we do let individual apps create accounts for users, we need to make sure that the app can only access data that the user creates with that app, and not that the user has created with other apps. The app should create/access tables that are associated with itself, through some app-specific key or secret, and other apps shouldn't be able to access that data unless the user gives explicit permission.
It would be great if this could all work with a pure javascript app---ie, I set up some tables and a user directory on datahub that are associated with a particular web domain, and the js app on that domain is able to create user accounts for that domain....
On 7/29/2016 2:57 PM, Justin Anderson wrote:
Via a new API endpoint. Useful for apps that want to store user data in DataHub without needing users to create a DataHub account, know that their data is in DataHub, or even know what DataHub is. If those users want to control their data at a future date, they can claim ownership of the account by virtue of email address control.
- Should generate random usernames and passwords.
- Client apps should be able to suggest a desired username, but may not get it.
- If those users visit DataHub directly, they should be able to claim that account via a password reset email. There should also be an API endpoint for generating those emails on behalf of the user.
All accounts will still require an email address so that users can gain access to their account regardless of the client app's help.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/datahuborg/datahub/issues/173, or mute the thread https://github.com/notifications/unsubscribe-auth/ABFpXn-BiPEVedlQ-M3RDqFO5eRmlmPWks5qak0agaJpZM4JYecD.
Via a new API endpoint. Useful for apps that want to store user data in DataHub without needing users to create a DataHub account, know that their data is in DataHub, or even know what DataHub is. If those users want to control their data at a future date, they can claim ownership of the account by virtue of email address control.
All accounts will still require an email address so that users can gain access to their account regardless of the client app's help.