Open CuriousLearner opened 7 years ago
I think it would be very difficult to differentiate users of the application by using SSO. I don't understand how you would manage authorization of different users, e.g. a speaker and a volunteer will have different permissions.
I'm just referring to Authentication here. Authorization would still be using the Permission class as discussed. Makes sense?
According to the wiki definition:
With this property a user logs in with a single ID and password to gain access to a connected system or systems without using different usernames or passwords, or in some configurations seamlessly sign on at each system.
Perhaps that is what we would be doing anyway for different systems like registration, talks management and email management, i.e. a single login for each user across the different systems, since we are extending Django's AbstractUser, isn't it? Correct me if I am misinterpreting it.
What I have in my mind is this scenario:
The user just enters their email address -- a unique login link is generated for them and mailed to them.
They click on it and are authenticated.
Authorization would still be with Permissions. This is just Authentication. Makes sense?
Makes perfect sense. 👍
I was thinking of using SSO for all users (attendees, volunteers, speakers). This would actually help us get rid of passwords, and since we'll have the email of all attendees, they can just log in using SSO.
Let me know your thoughts on this.
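The emailed login-link flow discussed in this thread, as an added example that is not code from the project or from any participant: the link only authenticates an email address, and permissions are looked up separately on the server. The names `LoginLinkStore` and `has_permission`, the 15-minute lifetime and the sample roles are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the thread does not specify one


class LoginLinkStore:
    """In-memory stand-in (hypothetical) for a table of pending login links."""

    def __init__(self, clock=time.time):
        self._pending = {}  # sha256(token) hex digest -> (email, expires_at)
        self._clock = clock

    def issue(self, email):
        """Create the one-time token that goes into the emailed link."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Only the hash is stored, so a leaked table cannot be replayed as links.
        expires_at = self._clock() + TOKEN_TTL_SECONDS
        self._pending[digest] = (email.strip().lower(), expires_at)
        return token

    def redeem(self, token):
        """Return the authenticated email, or None if unknown, used or expired."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._pending.pop(digest, None)  # pop makes the link single-use
        if entry is None:
            return None
        email, expires_at = entry
        if self._clock() > expires_at:
            return None
        return email


# Constructed sample data: roles live server-side and never travel in the link.
USER_ROLES = {"speaker@example.org": "speaker", "volunteer@example.org": "volunteer"}
ROLE_PERMISSIONS = {"speaker": {"edit_talk"}, "volunteer": {"check_in_attendee"}}


def has_permission(email, permission):
    """Authorization step, independent of how the user authenticated."""
    role = USER_ROLES.get(email)
    return permission in ROLE_PERMISSIONS.get(role, set())
```
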