liberapay / liberapay.com

Source code of the recurrent donations platform Liberapay
https://liberapay.com/

Associate accounts with websites #1034

Open jorgesumle opened 6 years ago

jorgesumle commented 6 years ago

Right now people can prove that they are who they are by linking some social networks. However, we cannot do that with websites.

I'm thinking about implementing a validation mechanism (like uploading a file to the root of the server and making Liberapay check for it), so that people cannot impersonate teams or individuals by claiming the ownership of websites. Using this feature we could link the Liberapay account with liberapay.com, and projects or bloggers could link their accounts with their websites.

What do you think? Can we also do something for people who don't have access to the server root, like people who use noblogs.org or wordpress.com?

Changaco commented 6 years ago

I thought we already had an issue for this but I can't find it, I guess I was thinking of https://github.com/gratipay/gratipay.com/issues/2477.

Changaco commented 6 years ago

Note: there is a standard protocol for verifying domain ownership now, the one used by Let's Encrypt.

EdOverflow commented 6 years ago

Remember to keep an eye out for these verification flaws when implementing this: https://edoverflow.com/2018/logic-flaws-in-wot-services. ;)

Changaco commented 5 years ago

We should implement the same mechanism as Mastodon: looking in the target page for a rel="me" link to the user's Liberapay profile. To do that we'll need a safe HTML parser. Ideally it would run in a different VM than the webapp, as an extra precaution.
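
The rel="me" check described in the comment above, as an added example that is not part of the thread or of Liberapay's code. It uses Python's standard `html.parser`; fetching the page is left out, and the function names, the sample page and the `https://liberapay.com/<name>` profile URL shape used in the sample are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


def normalize(url):
    """Reduce an absolute https URL to (host, port, path); None if unusable."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port or 443
    except ValueError:  # malformed netloc or port
        return None
    if parts.scheme.lower() != "https" or not parts.hostname:
        return None
    return parts.hostname.lower(), port, parts.path.rstrip("/")


class RelMeFinder(HTMLParser):
    """Looks for <a> or <link> elements whose rel tokens include "me"."""

    def __init__(self, profile_url):
        super().__init__(convert_charrefs=True)
        self.target = normalize(profile_url)
        self.found = False

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "link"):
            return
        first = {}
        for name, value in attrs:  # keep the first duplicate, as browsers do
            first.setdefault(name, value or "")
        rel_tokens = first.get("rel", "").lower().split()
        if "me" in rel_tokens and normalize(first.get("href", "")) == self.target:
            self.found = True


def has_rel_me_backlink(html, profile_url, max_chars=1_000_000):
    """True if the fetched page links back to profile_url with rel="me"."""
    if normalize(profile_url) is None:
        raise ValueError("profile_url must be an absolute https URL")
    finder = RelMeFinder(profile_url)
    finder.feed(html[:max_chars])  # cap the work done on untrusted input
    finder.close()
    return finder.found


# Constructed sample page, not taken from any real site.
SAMPLE = """<html><head><script>var s = '<a rel="me" href="https://liberapay.com/Mallory">';</script></head>
<body><!-- <a rel="me" href="https://liberapay.com/Mallory">x</a> -->
<a rel="nofollow ME" href="https://liberapay.com/Example/">Donate</a>
<a href="https://liberapay.com/Other">no rel</a></body></html>"""
```

Links that appear only inside a comment or a script string are not counted, and the href is compared on parsed host, port and path rather than as a raw string.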

Changaco commented 4 years ago

Once a website has been verified and attached to an account, the matching username should be assigned to that account. For example, if the liberapay.com domain is added to the Liberapay team, then https://liberapay.com/liberapay.com/ should automatically become an alias of and redirect to https://liberapay.com/Liberapay/. We need #1712 for that.

trebmuh commented 3 years ago

(Only bumping here because) I'd very much like to have the possibility to associate an account with a website.

BeeFox-sys commented 1 year ago

rel="me" backlinks are the standard way to confirm site ownership

just1602 commented 1 year ago

It'd be great if the rel="me" attribute could be added to social media links, so people who link their Mastodon account on their Liberapay account and who link their Liberapay account on their Mastodon account could see their Liberapay account be verified on Mastodon.

Saumya-ranjan commented 1 year ago

Hello @jorgesumle and @Changaco, I would like to make my first open source contribution. If there is something I could help you out with, or some issues I could fix, please do ping me.