PLANNING ISSUE: Facebook Authentication #2388
Comments
This is awesome!!! 👍 👍 👍 @ebarry What is the minimum chunk of this we could do in a single PR? Perhaps the gems, plus OmniAuth in initializer and user model, and routes, but not changing the existing login sequence or views YET. What do you think? All the back-end stuff.
Sorry, I don't mean put it all back into one big PR. Just that we can do some things that don't affect current workflows (like login, signup) and merge them in with tests, and know that they work well. Then in a followup PR we can start "Turning it on" for people logging into the site for real -- exposing the back-end work. Does this make sense?
Like, we could potentially enable this for login first, but not for signup. That would let us test this progressively in chunks. One question is -- will existing users be able to log in with Facebook to their pre-existing accounts? Just wondering. Thanks so much!
Sorry, I could not do much over the last two weeks due to my mid-sems.
Regarding the tests: I think we will be able to write them at the end of the full functioning of login and signup.
First of all, I will make a simple Facebook login compatible with the current publiclab.org.
Fantastic, and welcome back! Hope your exams went well and very glad to see you!
On Mon, Mar 12, 2018 at 1:14 PM, Sidharth Bansal ***@***.***> wrote:
Then in a followup PR we can start "Turning it on" for people logging into the site for real -- exposing the back-end work
Yeah first of all we will test all the functionality on the local then on production, then we will make the frontend so that new users will be able to start logging in from there.
Yeah
Just noting I think we could add some unit tests possibly after Love this!
@jywarren one important thing I would like to discuss, which is written in my proposal. If we have a direct sign-up page through a provider without registering through the basic sign-up form, we will run into many errors. I have listed all of them at https://www.publiclab.org/notes/bansal_sidharth2996/02-20-2018/gsoc-proposal-oauth-authentication. Thus,
If a user is able to directly sign up through a provider without registration through /signup and then he deletes his provider account, then he will not be able to access his Public Lab account. Also, Twitter is not providing us with the email addresses, so we can't directly write all the stuff into the user model. Another reason is that if two providers give you the same uid, then there would be a conflict that is hard to resolve. If Public Lab had not had any login in the past, then it would be much simpler. But that is not the case. We already have a lot of usernames flushed into the production database, so there are potential chances of conflicts between the usernames given by the provider and those already present in the database. A user has many identities. An identity belongs to a user. An identity holds information of the provider. So, no need to worry about all the erroneous situations.
Also, I would like to mention that there is not a fixed solution to a multi-party login system. We can have multi-party login (that does not have any problem), but multi-party sign-up (without a registration form) has many issues. We can just discuss and adopt the strategy which is best over the rest. I have gone through many websites which already have sign-up through multiple providers. Yes, they do suffer from the anomalies which I have listed above / in the proposal. So, I don't want those to happen here. E.g. at codechef.com you can log in through FB and then unlink your FB account. That will result in an account present in the database but not accessible by anyone, because the user has destroyed the identity through which he logs in to his account.
Also, I would like to say that the integration part needs to be implemented simultaneously throughout the project. We could not have integration at the last stage for multi-party authentication.
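The user/identity relationship described in the comment above (a user has many identities, an identity belongs to a user), sketched as an added example in plain Ruby; it is not part of the thread and not plots2 code. `IdentityStore`, its methods, the `has_password` flag and `LockoutError` are hypothetical names chosen for illustration, and the storage is in-memory rather than ActiveRecord.

```ruby
# Added illustration; names are hypothetical, not plots2 code.
User     = Struct.new(:username, :email, :has_password, :identities)
Identity = Struct.new(:provider, :uid, :username)

class IdentityStore
  class LockoutError < StandardError; end

  def initialize
    @users = {}       # username => User (accounts that already exist)
    @identities = {}  # [provider, uid] => Identity
  end

  # email may be nil: some providers do not return one.
  def register(username, email, has_password: true)
    raise ArgumentError, "username taken" if @users.key?(username)
    @users[username] = User.new(username, email, has_password, [])
  end

  # Attach a provider identity to an existing, already authenticated account.
  def link(user, provider, uid)
    key = [provider, uid.to_s]
    existing = @identities[key]
    if existing
      raise ArgumentError, "identity belongs to another account" unless existing.username == user.username
      return existing
    end
    identity = Identity.new(provider, uid.to_s, user.username)
    user.identities << identity
    @identities[key] = identity
  end

  # Resolve a login by the (provider, uid) pair only, never by the
  # provider-supplied username or email, so equal uids cannot collide.
  def login(auth)
    identity = @identities[[auth[:provider], auth[:uid].to_s]]
    identity && @users[identity.username]
  end

  # Refuse to drop the last identity of an account that has no password.
  def unlink(user, provider)
    identity = user.identities.find { |i| i.provider == provider }
    return false unless identity
    if !user.has_password && user.identities.size == 1
      raise LockoutError, "set a password before unlinking the last provider"
    end
    user.identities.delete(identity)
    @identities.delete([identity.provider, identity.uid])
    true
  end
end
```

In a Rails application the same uniqueness rule would normally also be enforced in the database, with a unique index over the provider and uid columns of the identities table.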
Hi, all - in relation to @SidharthBansal's proposal and discussion of "without a password" state, check out these two lines in the login sequence, which redirect to ask someone to create a password!
plots2/app/controllers/user_sessions_controller.rb Lines 34 to 35 in 77e0c16
Moved to #2676 as code is highly interdependent and interlinked for different providers.
Planning issues for #683