Comments (6)
tiblu
commented on July 1, 2024
@moll @infokujur Let's start discussing the problem here.
from citizenos-api.
moll
commented on July 1, 2024
My argument against using Google and Facebook is that people may have different security practices for handling their Google & Facebook accounts and their Id-card & Mobile-Ids. Right now signatures given through "hard" authentication can be accessed through Google and Facebook. I don't think that's good, especially given there's been no warning of that to people.
from citizenos-api.
ilmartyrk
commented on July 1, 2024
Needs more input
from citizenos-api.
anettlinno
commented on July 1, 2024
Triage 37. Sending to In Preparation for gathering more input for making the decision. Main question is if we trust the email that FB and Google provides? @loorm @tiblu @ilmartyrk your input is appreciated.
from citizenos-api.
ilmartyrk
commented on July 1, 2024
Current login flow after we get user info from Google or Facebook is that
- we check if we have any users connected with that Google or Facebook profile id. If the user exists we log in.
- If connection does not exist we check if any user has the email address sent from Google or Facebook. If e-mail exists we create a new connection for that user and user will be logged in into this existing user account.
- If we don't find any users with that e-mail we create a new account, mark the e-mail address as verified and log the user in
Current flows PRO-s
User can access previously created account with the existing e-mail thus can choose between multiple login methods. After UserConnection is created user can change the e-mail and use different e-mail address to get invites etc.
CON-s
If user intends to use different e-mail he/she will manually have to change the e-mail address, we also don't display any info that the e-mail is used that we got from Google/Facebook
Possible solutions.
- We don't use the email from Google/Facebook response at all. This could result in new accounts being created.
- We use the email, but don't mark the e-mail as verified and send out verification e-mail if new account is created
- We create a new message that display that e-mail we got from Google/Facebook response is now added to the user profile - this should be implemented anyway if we keep using the e-mail address
from citizenos-api.
loorm
commented on July 1, 2024
I don't see, what is the problem, that we would be solving. Don't fix, what isn't broken. I agree with Mikk above, that I think FB and Google are good at verifying e-mails.
from citizenos-api.
Related Issues (20)
- PRIVACY: Do not store IP address more than 4 years HOT 2
- Update E-mail tests to validate HTML HOT 1
- Topic invite flow error for existing User - POST /api/users/self/topics/:topicId/invites/users/:inviteId/accept
- Topic list loading is getting slow. HOT 1
- TECH DEPT: Remove send to parliament related parts from API code HOT 3
- INVITE API creates case sensitive e-mail accounts HOT 4
- Choose between accounts on login HOT 2
- Allow users to merge accounts HOT 2
- Separate contact e-mail and login e-mail HOT 2
- BUG: Topic invite email: wonky footer layout + translation HOT 3
- Public groups HOT 22
- Login invited users with correct account when using e-ID HOT 4
- Machine Learning and AI integrations HOT 2
- Adding topic to group sends confusing invite e-mail
- Only allow public topics inside public groups HOT 2
- Update /api/stats endpoint HOT 5
- Max characters for invite email - UX issue HOT 4
- Odd black bar showing on homepage on mobile HOT 1
- Error message is hard to understand HOT 3
- ID test cert is outdated, probably need to order a new test ID-card HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from citizenos-api.