search

mdn / ai-feedback

Feedback about AI Help
Other
8 stars 5 forks source link

[AI Help] Question: How do I add accounts to my website? #10

Open Gaelan opened 1 year ago

Gaelan commented 1 year ago

What is the issue with the answer?

It ignores the docs (it draws superficial connections sufficient to satisfy the "based on the docs" requirement, but none of the substantive parts of the answer come from anything in the docs) to endorse two third-party products, one of which might be a decent approach, and one of which is unlikely to be a good approach except in some fairly niche cases. It also doesn't at any point note that third-party APIs are only one way to implement accounts, and that many use cases will be better suited by a traditional client-server approach.

While AI help does admit that "the documentation provided does not explicitly mention how to add accounts to your website", this is not a useful disclaimer for someone not intimately familiar with the implementation of AI help.

How would you categorize this issue?

What did you ask?

  1. How do I add accounts to my website?

What did AI Help answer?

To add accounts to your website, you can utilize third-party APIs to handle user authentication and account management. The documentation provided does not explicitly mention how to add accounts to your website, but it does mention using third-party APIs to add functionality to your websites.

One popular option for user authentication is to use Google's tools, specifically the Google Cloud Platform. To use Google's tools for your website, you need to create a new project on Google Cloud Platform. The documentation provides steps on how to create a project on the App Engine dashboard. Once you have set up your project, you can explore the authentication and account management features provided by Google Cloud Platform.

Another option is to use GitHub Pages, as mentioned in the provided documentation. GitHub Pages allows you to easily publish your site and manage user accounts. You can create a repository on GitHub, and then use GitHub's authentication system to handle user accounts on your website. Users can sign up for GitHub and authenticate themselves to access your website's features.

It's important to note that the documentation does not provide specific details on how to implement user accounts on your website. However, by leveraging third-party APIs like Google Cloud Platform or GitHub Pages, you can explore their respective documentation to learn more about the authentication and account management features they offer.

What MDN pages did AI Help consult?

caugner commented 1 year ago

Hi @Gaelan, thanks for reporting this issue.

We agree that the answer is not particularly helpful, mainly because the consulted pages don't talk about user authentication, but also because MDN content doesn't seem to cover user authentication in general.

Interestingly, the question "How do I add user authentication to my website?" would have given a more helpful answer based on Django Tutorial Part 8: User authentication and permissions, and the question "How do I add user authentication to my website using JavaScript?" would have been rejected by AI Help.

caugner commented 11 months ago

@Gaelan Thanks again for reporting this issue. 👍

As we're working on an iteration, I would like to share with you what AI Help 2.0 might answer.

Can you please check how the following answer performs with regard to the issue you reported above? 🙏

How do I add accounts to my website?

Adding user accounts to your website involves several steps and considerations, including front-end development, back-end server setup, and security measures. Here's a high-level overview of the process:

  1. User Interface: Design the user interface for account creation, login, and profile management. This typically includes forms for users to input their details, such as username, password, email, etc.

  2. Form Handling: Use HTML and JavaScript to create the forms and handle user input. You'll need to validate the input on the client side for a better user experience. For example, you can use the <form> element to create a registration form and JavaScript for validation.

  3. Server-side Processing: Choose a server-side language (like PHP, Python, Node.js, Ruby, etc.) to process the form data. The server-side script will handle tasks such as validating the data again (for security reasons), creating user accounts, and managing sessions.

  4. Database: Set up a database to store user account information. Use SQL with a database system like MySQL, PostgreSQL, or a NoSQL database like MongoDB, depending on your needs. Ensure you securely store passwords, ideally using hashing (e.g., bcrypt).

  5. Authentication: Implement an authentication mechanism to verify user credentials during login. This could be session-based, token-based (such as JWT), or using OAuth if you want to allow users to log in with other accounts like Google or Facebook.

  6. Security: Ensure the security of user data by using HTTPS, preventing SQL injection, cross-site scripting (XSS), and other common web vulnerabilities. Follow best practices for user authentication and data protection.

  7. Session Management: After a user logs in, maintain their session using cookies or tokens so they stay authenticated as they navigate your site.

  8. User Feedback: Provide feedback to the user during the account creation and login process, such as error messages for incorrect input and confirmation messages for successful account creation or login.

  9. Testing: Test your user account system thoroughly to ensure it works correctly and securely.

  10. Compliance: Make sure your user account system complies with relevant laws and regulations, such as GDPR for handling user data.

For more detailed guidance, you can refer to MDN's server-side web development tutorials, which cover many of these topics:

Remember, this is a complex feature with many security implications, so it's important to understand each step fully and consider consulting with or hiring a web development professional if you're not experienced in this area.