[geeklog-devtalk] "External authentification", again
Dirk Haun
dirk at haun-online.de
Sat Mar 12 16:25:40 EST 2005

In an attempt to reanimate this topic:
"External authentification" (or whatever a good term would be) is the
idea to let users log into a Geeklog site when they're already users of
another service (like Blogger, TypeKey, ...) or another Geeklog site.
Michael Jervis already has a working prototype. There were only a couple
of open issues left to sort out:

1) Length of username
Other services may allow longer usernames than Geeklog (which is
currently limited to 16 characters). Mike's implementation also adds the
service name that's used for the authentication so that the username is
even longer.
Personally, I'm not too happy about the idea of making the username
longer, but can't really provide any logical reasons for that either.
Just a gut feeling ...

Gavin Mahan wrote:
>Personally I think the username uniqueness should be handled when the
>user first uses the remote log in. Something like "your blogger user
>name is used by someone else on this site, please choose a new user
>name now" then have a field they can enter a new username.
>
>Seems like it might be a pain but future logins and such would just use
>the original blogger username, so only the Geeklog displayed user name
>would be different. Wouldn't add more than a few seconds to the whole
>process (and only the first time the remote user logs in) and ensures
>that all usernames are unique.

How's that for a solution? Mike?

2) Selecting external service
Obviously, there has to be a way to select which external service you
would allow users to log in through. IIRC, Mike's implementation uses
modules for each service, so by uninstalling / not installing a module,
you disallow use of that service.
The only problem was that using "Geeklog" as a login option would allow
login via pretty much any Geeklog site in existence - including,
possibly, ones set up by spammers.
Was there any solution for this or do we just add a big warning in the
documentation?

3) Disabling accounts
This is something we should have anyway, but it's even more important to
have with the external authentification: The ability to disable an
account so that the user can not log in any more.
There probably aren't any open issues with this, other than that it has to
be implemented. Mike, IIRC, you thought about having a go at it. Any success?

Personal status report: I haven't been able to do any Geeklog coding in
the last two weeks (and it doesn't look too good for the coming week
either). Given the various loose ends / unfinished things in CVS, I'd be
willing to let Mike implement this feature and simply add it to CVS once
we've cleared up the remaining issues.

bye, Dirk
--
http://www.haun-online.de/
http://www.handful-of-sparks.de/