Open synrg opened 3 years ago
I'm not entirely happy with this plan. I'd rather see a standard OAuth webapp flow here. But that would involve writing (and hosting somewhere on the web) a whole webapp for Dronefly. I think there are other benefits to pairing the bot with a webapp that might push me in that direction, though, in future, so that possibility makes me disinclined to put this on the critical path for a first public release.
Face it: on the Internet anyone can claim to be anyone. Usually in the communities where that matters people catch on quickly and members are informed. That doesn't require technological measures to spot and correct. If we had a huge user base where it's much harder to keep tabs on users that might be pretending to be someone they aren't, it might be more important to have verified identities, but at present, the Dronefly user base is so small I don't think this one is worth doing. Therefore I am closing it now and taking it off the critical path for a first public release.
If I'm going to go ahead with #161 and use the bot to update projects, I might as well keep this one on the books and tackle it after that one, since it is more of the same. Also, as appealing as a possible webapp companion might be, it raises the bar for other people running their own bot instances, i.e. they might be fine with running a bot, but not fine with running a webapp too. Therefore, making the bot partially dependent on one might not be a great plan. (Not to mention, where am I going to suddenly find time to do this? Gotta be realistic.)
Provide verified self-registration with the bot (i.e.
,user add
) by sending a DM to the bot.Auth flow will be:
,user add <login-id-or-profile-url>
@dronefly
.@dronefly
iNaturalist account with an authenticated request.,user set known true
to allow the bot to know them on any Discord server where both they and Dronefly are members.Background discussion for this feature: https://forum.inaturalist.org/t/how-to-implement-verified-identity-handshake-without-a-webapp/19613