emfcamp / Website

The Electromagnetic Field web site
http://www.emfcamp.org
GNU Affero General Public License v3.0

OpenID Connect identity provider #1754

Open russss opened 2 months ago

russss commented 2 months ago

We could do with some way of allowing people to log in to other services with their EMF ticket account. I am contemplating a few things which do not need to be tightly coupled to the main website. OIDC is likely the best way forward here.

Some considerations:

Jonty commented 2 months ago

It might be nice to make this available externally, as we have had attendee requests for it in the past (for games/services and the like).

lukegb commented 2 months ago

As a first take on this, IMO we should just support the openid, profile, and email scopes; we could potentially add some extra scopes (emfcamp.org/schedule/favourites/read? emfcamp.org/schedule/favourites/modify?) later but that implies doing more than just being an IdP.

marksteward commented 2 months ago

Email should be optional imo.

russss commented 2 months ago

It would be nice to support attendee-run clients but this doesn't preclude having the client credentials in a static file. (It might be good to have an expiry date for client credentials in this case.)

Allowing clients to see email should definitely be optional - I guess the approval page which the user sees should clearly state if it's an official EMF service and what data the client can access.
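An added sketch, not part of any comment in this thread and not code from the emfcamp Website repository, of the design discussed so far: clients held in a static file with an expiry date, only the `openid`, `profile` and `email` scopes, and `email` released only if the user approves it on the consent page. The client entries, field names and function names are all hypothetical.

```python
from dataclasses import dataclass
from datetime import date

SUPPORTED_SCOPES = {"openid", "profile", "email"}  # scopes proposed in the thread
OPTIONAL_SCOPES = {"email"}                        # user may decline these

# Constructed sample of a static client file; every name and value is hypothetical.
CLIENTS = {
    "badge-game": {"name": "Badge Game", "official": False,
                   "scopes": ["openid", "profile", "email"], "expires": "2024-06-03"},
    "volunteering": {"name": "Volunteer System", "official": True,
                     "scopes": ["openid", "profile"], "expires": "2030-01-01"},
}

class ClientError(Exception):
    pass

def consent_request(client_id, requested, today):
    """Validate the client and return what the approval page must show."""
    client = CLIENTS.get(client_id)
    if client is None:
        raise ClientError("unknown client")
    if today > date.fromisoformat(client["expires"]):
        raise ClientError("client credentials expired")
    requested = set(requested)
    if "openid" not in requested:
        raise ClientError("openid scope is required")
    # Keep only scopes that are supported and registered for this client.
    allowed = requested & SUPPORTED_SCOPES & set(client["scopes"])
    return {
        "client_name": client["name"],
        "official": client["official"],  # shown to the user on the approval page
        "required": sorted(allowed - OPTIONAL_SCOPES),
        "optional": sorted(allowed & OPTIONAL_SCOPES),
    }

def granted_claims(user, consent, approved_optional):
    """Build ID token claims from only the scopes the user approved."""
    optional_ok = set(approved_optional) & set(consent["optional"])
    granted = set(consent["required"]) | optional_ok
    claims = {"sub": str(user["id"])}
    if "profile" in granted:
        claims["name"] = user["name"]
    if "email" in granted:
        claims["email"] = user["email"]
    return claims
```
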

Jonty commented 2 months ago

What are the use-cases for sharing email? Is it just notifications?