Consider removing configurable avatar id

[ralphbean]

From the perspective of FAS alone, it is neat that you can choose to change the id used to generate your libravatar.

However, when considering multiple systems interacting together, I'm not sure this is a net gain. If the user changes their libravatar key to be something else (say, ralph@threebean.org). Our other systems that expect to lookup their libravatar as 'ralph@fedoraproject.org' will get the "wrong image" compared to the one they have set in FAS.

I'd be glad to make the code changes to restrict this to only one kind of value (one that matches the way all our other systems do it (badges, bodhi2, trac, pkgdb, fedmenu, etc..)) but I want to check with @laxathom first.

[pypingou]

Instead of calling libravatar ourself (in the outside apps), what about asking FAS to return us the avatar?

This way the user foo sets is avatar id to be mylittlepony@example.com and bodhi, trac, pkgdb, fedmenu just query https://admin.fp.o/accounts/avatar/foo that return them directly the appropriate avatar.

Just thinking out loud

(While thinking about it, this would work for apps like badges, bodhi or pkgdb, but won't for trac unless we make a plugin for it)

[ralphbean]

@pypingou, our FAS3 endpoint could do that with an HTTP 302. Neat idea!

However, we'd then have to do the work to go back and modify badges, bodhi2, FMN, fedmsg_meta, pkgdb, fedmenu and wherever else to all point at a new endpoint -- FAS instead of libravatar.

It seems to me like we don't get any real gain in UX.. and it may actually be more confusing for users. You click on your image in FAS3 to... change a key used under the hood to generate a hash and find an image? Clicking your image should just take you to where you can change your image (like it does in the badges, FMN, and bodhi2 interfaces).

[laxathom]

+1 on @pypingou That was/is actually the idea in the first place to have FAS being able to change the avatar ID.

We should see this the other way around too. John Doe knows that FAS is the Account system of Fedora's services and expects that if he changes an information from his account it will be effective/published all across Fedora's service no matter what and that he doesn't have to go through all every single services to update his avatar. Note that he changed his info from his account system as this the place where he registered and will go each time he want to change a thing not from the updates or build system.

However, we'd then have to do the work to go back and modify badges, bodhi2, FMN, fedmsg_meta, pkgdb, fedmenu and wherever else to all point at a new endpoint -- FAS instead of libravatar.

Well, I'm afraid that we will have to do it any way, I mean to update others app to new FAS as the API has been revamped with a token system and a new way of requesting login. But once done, every next changes would have to be done at one and only one place. That doesn't forbid others apps to have a fallback system in case of.

"Clicking your image should just take you to where you can change your image (like it does in the badges, FMN, and bodhi2 interfaces)."

Well, I agree at 95%. This is an external avatar system where people could have set multiple images for different emails which could not be the one they set into FAS with an attached image that they don't want to use with Fedora system but with an different web service or the like. I would actually offer both way of changing the images. Change your id if you know it or redirect you to the avatar system to do so.

It seems to me like we don't get any real gain in UX..

This could be confusing as people might not know what the ID stand for at first place.

Also, the current setup in other app isn't quite OP in a UX point of view as well. If I click to change my avatar, once done, I've no way to go back to the web app I were at first place. This is an big issue in UX's journey for me specifically when the web app redirects me to the avatar system in the same tab losing session and force me to go back and refresh the page by myself.

At the end, I think providing a way to go to the avatar system is a good idea specifically when user don't know anything about avatar system and register to FAS and want to create an image. At this point just asking for the ID is not efficient, that's for sure. Maybe this code should be moved to FAS, with adjustment as proposed above.

[ralphbean]

John Doe ... [shouldn't] have to go through every single services to update his avatar.

I am not suggesting he should have to do this.

I was pointing to the mechanism currently in place in those apps as good examples of the mechanism that I think FAS3 should use.

I'm afraid that we will have to do it any way, I mean to update others app to new FAS as the API has been revamped

• Not all apps use the FAS API for data on users
• The apps that do query it for data on users use the fedora.client module which we can hack to make backwards compatible.

...a token system and a new way of requesting login.

Are we not using openid anymore? This seems like a different issue.

"Asking for data on users" is the interaction at stake here. Other apps will want to display the image of a user (and perhaps other things about a user -- a "bio", their group memberships, etc..)

This is an external avatar system where people could have set multiple images for different emails which could not be the one they set into FAS with an attached image that they don't want to use with Fedora system but with an different web service or the like.

Right. So we should use no email addresses and instead use their Fedora openid identifier. I cannot think of a reason why a user would associate an image with their Fedora openid identifier, and want that image displayed on Fedora sites (over some other image that they associated with their gmail account, for instance).

I would actually offer both way of changing the images. Change your id if you know it or redirect you to the avatar system to do so.

This seems like an unnecessary degree of complexity to me.

If I click to change my avatar, once done, I've no way to go back to the web app I were at first place. This is an big issue in UX's journey for me specifically when the web app redirects me to the avatar system in the same tab losing session and force me to go back and refresh the page by myself.

This is a valid complaint. Perhaps we can handle this in a popup (I'm imagining something like how Persona login looks).

---

I think my biggest problem here is that libravatar.org provides a public web API. And we're writing a public web API, to cover that public web API. Why not just use the original one?

The UX of having to go to another site to change your image is one thing, but the current setup doesn't solve that anyways. In order to be able to switch between different libravatar.org images that you have registered, you have to be an advanced user to understand what you're doing.

Instead, by saying "we're going to use http://ralph.id.fedoraproject.org/ as our libravatar key everywhere", it simplifies the whole process for users. They don't even have to know so long as we provide an obvious streamlined way to get to where they can change their image (say, by clicking on it in FAS3). It furthermore simplifies the implementation on our dozens of other apps, none of which we have to go back and modify to get their images from a different place. It furthermore reduces page load time, because HTTP requests for image content don't have to bounce through our FAS server before getting to libravatar.org.

[laxathom]

Are we not using openid anymore? This seems like a different issue.

Not related, right. I was referring to the way ipsilon will request login against FAS.

The UX of having to go to another site to change your image is one thing, but the current setup doesn't solve that anyways. In order to be able to switch between different libravatar.org images that you have registered, you have to be an advanced user to understand what you're doing.

Correct. I was not saying this one is green as it's still being writing.

Right. So we should use no email addresses and instead use their Fedora openid identifier. I cannot think of a reason why a user would associate an image with their Fedora openid identifier, and want that image displayed on Fedora sites (over some other image that they associated with their gmail account, for instance).

I do actually :kissing: :notes: I'm fine with using Fedora identifier though.

This is a valid complaint. Perhaps we can handle this in a popup (I'm imagining something like how Persona login looks).

Yeah, an ideal workflow would have been to work with a callback's url from libravatar once you updated your image but I'm asking too much :smile:

Instead, by saying [....]

Agreed and make sense. They will have an unique identifier within Fedora services. I Think what is missing here - beside the code change - is a clear help info about how web services (Fedora project) will manage the avatar. Just being redirect to a 3rd-party without being noticed is confusing.

[ryanlerch]

Closing this issue as the FAS project is now archived, not actively developed, and unmaintained.

FAS was replaced in March 2021 by Fedora Accounts (https://accounts.fedoraproject.org).

If this issue is a Feature Request that you forsee might be beneficial to Fedora Accounts, please refile it against Noggin