jlmallas160190
commented
6 years ago @enriquezrene @ralden I have a question, if the user chooses an account of Facebook, Twiter or Gmail, the user only authenticates y don’t need to create an account.
The services of Facebook or Twiter get us a token
Three logon-authentication systems must be supported.
First, Google authentication for ioet.com email addresses must be supported. Sessions created when these people logon need to be distinguished from other session types.
Second, Google authentication for gmail.com (and other Google hosted) email addresses should be supported for interns (and eventually job applicants and customers).
Third, for users who do not have Gmail hosted identities we need to allow any email address to be used to establish a new account and we need a one-use token protocol to allow these users to set and reset a password that we (hash and) store. This mode is very different, because we are no longer delegating authentication to an outside system, we are doing it ourselves.