Add optional "user activity/cross-identity" feature

[Pjino]

Now that you're also discussing session/JWT may be a good time to propose/think about this feature that may be useful in several use cases and goes well with your package that handles user activity related stuff in an integrated and efficient way. By user activity/cross-identity I mean: 1) Identify users even when they are not logged in - there are plenty of situations where a user doesn't even bother to log in because is just looking to see if there's any interesting novelty in the app, so he just browses and if no novelty he doesn't log in. Using authentication info would allow me to know that that user is probably the same. I could also associate IP/OS/browser info to validate it; 2) save/enrich user visit information - there are user information that an authentication/permission system already has an that is being lost. Some standard metrics (visits, time, pages,...) may be saved and made available both server (for admin panels) and client side (for user own statistics) in a simple an similar way such as "currentUser".

I think this could be a good fit for Openmaize and another distinctive feature in the 360 degrees user identity/activity solution.

Thank you very much for your attention.

[riverrun]

First of all, thanks for your suggestions. I'll look into point 1 further. If you know of any open source apps (any language) that do this already, please let me know. I can see how they approach it. About point 2, I could make it a lot easier to inspect the current_user value (and other connection details). I'll get back to you when I have more concrete plans for how to do this.

[Pjino]

Great! By now I only have a few ideias of mine, so I'll try to find some app that I can reference. Thank you.

[riverrun]

I'm closing this issue for now, but feel free to reopen it if you have any further comments.

[Pjino]

Hi again! I'm back to another Openmaize installation and I realised that, now, with the way you implement "Remember me" it seems to me that if you provide a configuration to make "remember me" mandatory (or not) then my point 1 should be taken care, right? Also, regarding point 2, making some metrics explicit (like in the "trackable" Coherence module) may also result in a more friendly approach. I also would like to say that your work is really good, and mostly appreciated. Thank you.

[riverrun]

Let me look into this further. I'll get back to you soon.

[riverrun]

With reference to your comment about the trackable module, I'm in the process of adding logging to Openmaize - see #84 for details, and this is meant to help track user activity (mostly suspicious).

I think the logging will help developers gather information about users, but it won't do anything with this data in the way that Coherence does. In other words, there will be a difference in the boundary between what the authentication library does and what is left up to the developer.

[Pjino]

I see. That's fair enough. Thanks anyway!