Closed panpawn closed 7 years ago
Basically I'd just support Google login.
This is, incidentally, a feature anyone can implement; we already have an email
field in ntbb_users
you can use for this.
PS's web server is written in PHP, not Node.
What about something like this: https://www.npmjs.com/package/node-2fa
I literally just said that PS's login server is written in PHP, not Node.........
Time to rewrite it to not-PHP then!
Languages/frameworks since PHP tend to do a horrible job of replacing what's good about PHP. It may be pretty bad as a language, but deployment is utterly straightforward and boilerplate is nearly nonexistent.
Would there be any legal complications involved when using OAuth with something like Google if they comply with COPPA and we don't?
No...?
...oh.
Personally I'm not a huge fan of using your account from another site as authentication. I wouldn't say we shouldn't have it just because I don't like it, since I understand why people would find it desirable. As long as there's the option to log in the same way we do now I'm fairly neutral on this
I just want to give an update on the the state of this issue. Also linking similar issue on client (Zarel/Pokemon-Showdown-Client#972) so it's easier to navigate to this discussion from there.
So after talking with Zarel and doing some research on Google's API, I've boiled down the steps for implementing this feature to the following:
Zarel mentioned making use of some sql email fields on the client, but I don't remember the details too well. If there any steps I may have misinterpreted or missed feel free to make a correction.
I actually just started moving this way up on the priority list. The sim server should not be involved; it should be entirely done on the web server.
I guess there wasn't an issue already open for this? This has been talked about for as long as I can remember. Basically, two-step authentication is another layer between you logging in, by means of using another source to verify your identity (email, for example).