Closed miskolc closed 7 years ago
I want to keep this issue open for two or three weeks to see if we can get other people's ideas.
It's fairly straightforward to use email with the Login module:
plug Openmaize.Login, [unique_id: :email] when action in [:create]
+1
Although, removing usernames altogether doesn't seem a good idea.
Thanks for the feedback. It's good to get other people's input on this.
As for usernames, we won't remove them. It's just a question of what the default should be.
My present thoughts about this matter.
I'll probably leave the default as it is, but I'm going to add a switch to the generator so that it is easy to use email
, or anything else, instead of username
. The generator can then be called like this:
mix openmaize.gen.phoenxiauth email --confirm
Commit a442f77894f03c125f01d5f059d398b65600569c implements this change to the generator.
The current plan is to change the default value to :email
, for Openmaize.Login and the installer, when updating to version 3.0, which should be some time in the next week.
In general, as of 2016 it is and has been for quite some time now considered an bad practice to use usernames for authentication since they require the user to remember them for each account and sometimes the username might not even be unique. Email on the other hand have to be remembered by users anyway. not just for your particular applications, it is still needed for either account confirmation or password reset, and they are unique in the sense theoretically only one user can use one email. Most libraries and tutorials I've seen have taken notice of this fact and don't require usernames at all, also most modern sites/apps don't requie usernames, just emails( facebool, google etc, github is just an exception that confirms the rull)
So I believe Openmaize should either default to using email instead of usernames or it's documentation should provide a easy set of steps to configure it to do so.