waste's Issues

Possible Bookshelf Errors

Just for reference:

Possibly unhandled error: operator does not exist: json = unknown

This means that you're probably trying to search by a field that isn't indexed.

DB.Model.forge({ fooColumnExists: 'bar', bazColumnXattrs: 'json error will happen' })

You may think that bazColumnXattrs is one of the columns by which you can search,
but actually it is not. You should either add bazColumnXattrs to the strict columns
or accept that it is stored in xattrs, which is not searchable
(except with raw PostgreSQL queries).

xattrs of relation foo doesn't exist

Same as above, except that the xattrs column doesn't exist in that table

upsert account via login

Needs some hooks for what data lives in the account vs the login.

Almost nothing should live in the login (literally just shims like the twitter authn / authz shim).

There's no hook to upsert the account info via the login info, but there should be.

I.e., I log in with Facebook; there are some fields I want to add if they don't exist and other fields I want to upsert regardless.

OR-able fields (UPSERT if facebook-only)

username, email address, profile_pic_url

UPSERT-able fields

fb_url, pic_url

Direction of API and user / account / login switching

User Story

This is an illustrative user story, but the general use case of the authn/authz login is much more broad (especially in regards to business management of accounts).

My wife and I are the annoying type of people that share a Facebook account, but we have separate Twitter accounts and separate accounts on some other systems.

I log in via (joint) Facebook

  • /api/session/authentications now includes facebook
  • I have no account, so an account is created as my primary (and current) account
  • /api/accounts now includes /api/accounts/:accountId
  • /api/accounts/:accountId now authorizes facebook

I go to the link authentications page (for the current account) and select log in via (my) Twitter

  • /api/session/authentications now includes twitter, with this as the primary account
  • /api/accounts/:accountId now authorizes twitter

I go to "switch accounts" and select "create new account" to create an account for my wife.

  • I am prompted if I want to authorize all accounts currently in /api/session/authentications

I checkbox (joint) facebook, but uncheck (my) twitter. I check "use this as the primary account" for the (joint) facebook.

  • /api/sessions/authentications/:ourfacebookid is updated to use my wife's new account as the primary

I go to another computer and log in via twitter.

  • I am logged into (my) account in the system
  • I cannot switch to my wife's account

My wife goes to another computer and logs in via facebook

  • She is logged into (her) account in the system
  • She can switch to my account

Summary

Whatever /api/sessions I have, I may switch to any of those accounts

I may link any of /api/sessions to /api/accounts/authentications as primary or additional

When I log in via a particular authentication, I get that authentication's primary account, but I may switch to any account. I may also make this a primary account.

login vs linking: login switches the current account. linking does not.
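
The login vs. linking rules from the issue above, modelled in memory as an added example (not code from the waste project). The class and method names and the `provider:id` login keys are hypothetical, and each login is assumed to have already been verified by its provider.

```javascript
// Added example: in-memory model of login vs. linking. All names are hypothetical.
class AuthStore {
  constructor() { this.logins = new Map(); this.seq = 0; } // loginId -> { primary, accounts }
  newAccount() { return `acct${++this.seq}`; }
  // Authorize loginId on accountId. The first link becomes the login's primary.
  link(loginId, accountId, primary = false) {
    const l = this.logins.get(loginId) || { primary: null, accounts: new Set() };
    l.accounts.add(accountId);
    if (primary || l.primary === null) l.primary = accountId;
    this.logins.set(loginId, l);
  }
}

class Session {
  constructor(store) {
    this.store = store;
    this.authentications = new Set(); // logins proven in this session
    this.current = null;
  }
  // Login: adds the authentication AND switches to its primary account.
  login(loginId) {
    if (!this.store.logins.has(loginId)) this.store.link(loginId, this.store.newAccount());
    this.authentications.add(loginId);
    return (this.current = this.store.logins.get(loginId).primary);
  }
  // Linking: authorizes the authentication on the current account, no switch.
  linkAuthentication(loginId) {
    if (this.current === null) throw new Error('log in first');
    this.authentications.add(loginId);
    this.store.link(loginId, this.current);
  }
  // New account, authorized only by the session authentications the user ticks.
  createAccount(loginIds, primary = false) {
    const bad = loginIds.find((id) => !this.authentications.has(id));
    if (bad !== undefined) throw new Error(`not in session: ${bad}`);
    const acct = this.store.newAccount();
    for (const id of loginIds) this.store.link(id, acct, primary);
    return acct;
  }
  // Accounts reachable from this session: union over its authentications.
  switchable() {
    const sets = [...this.authentications].map((id) => [...this.store.logins.get(id).accounts]);
    return new Set(sets.flat());
  }
  switchTo(accountId) {
    if (!this.switchable().has(accountId)) throw new Error('not authorized');
    return (this.current = accountId);
  }
}
```

Replaying the user story against this model: a session that logs in with only `twitter:me` lands on the first account and `switchTo` rejects the second, while a session that logs in with `facebook:joint` lands on the second account and can switch to the first.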

redirect on logout if tab disappears

Let's say I'm logged in as an admin and then I log out. It stays on the same page, but it should update.

should the logout action redirect?

or should each controller redirect individually?
Hmm.. I think yes. There should be an init() function that gets called on user login/logout and redirects back to / if the user doesn't belong there.

persist sessions

It's really annoying to have to redo session interactions every time the server is restarted.

Idempotent, Deterministic Database

Basically the database layer should only store deterministic ids. All login and account creations (and similar) should be idempotent. This will be used in a federated system.

That means append-only-ish data for most things and first-write-wins or last-write-wins for others.

This constraint DOES NOT limit the application logic, just the persistent storage.

Here's the scenario:
What if two users create an account with the same name on two different systems at the same time?

  • they should have multiple recovery emails / phones
  • they should have multiple login emails
  • they should have multiple passwords?
  • the application login should inform a user, deterministically, that his account has been moved to username_1 (the user can change this)
    • until that time, the combo of username or email + password should yield different accounts?
  • should user+pass be the unique constraint? This would easily allow separating truly different accounts... but then things would have to be rekeyed on password update...

Accounts are not currently such a problem, so it may be okay that the ids are non-deterministic.

Add customer if customer record doesn't exist

addStripeCustomer should be called when adding a card to a customer that does not currently have a Stripe customer record.

Any additional cards should also be added to the stripe customer.
