OAuth Login Plugins #83
Comments
Sorry, but this would significantly impact the whole way the core is designed. It was always intended that the RA EMail is the only primary key that identifies the RA. This is done in all visual grids, in the REST API, even in the FreeOID registry. We cannot change that in the core. The only thing I can think of is that the "change email address" API is called in order to definitively change the email address of the RA (in the RA, OID, and Log table). Not sure how to detect if the address would change or not. Easy way suggestion (please always think about easy solutions first!): If the user wants to change their email address, then they first shall login with the old address, and use the change-email-feature. After that, they can change their email address at their OAuth-enabled provider, and login with the new address at OIDplus. This way we do not need to change or add anything to OIDplus.
Sorry, you misunderstood me! I do NOT want to change email address! I want only to change the relation between OAuth Provider Account and OIDplus account! (by an extra table!) Now it is:
I want to change it to
This way the user changes emails at OIDplus and the OAuth provider and the relation stays correct and the user still can login with the OAuth provider!!! Other OAuth logins work this way.
The OID table and all modules are expecting the RA email as primary key. If the OIDplus email is what you define as "OIDplus-RA-ID", then I understand. As long as you introduce this extra table only for your plugin, it is okay. Unfortunately, it is not possible to bundle it to the Core unless the table is compatible with all supported DBMS slangs (PostgreSQL, Sqlite, Access, MySQL, etc.), this is why extra tables are very hard to do in OIDplus.
... Addendum: OID key for Owner !== RA ID for user
OID Table contains Sorry, I cannot change the Core structure at this point. So, did you really think about all the use cases? What if someone uses an OAuth provider and changes their OAuth email address with an address that exists at OIDplus with a different RA, but not the one that is connected with your provider_user_id ? Please do what you think is correct. I can just give the friendly advice to think about the easiest solution first, and try to think about realistic use-cases. How likely is it, that someone uses OAuth, and uses OIDplus, and changes their email address and/or has a different email address for OAuth Provider and OIDplus? I think the chance that all 3 apply is near 0.
OAuth sends a user ID from the provider and the RA table has an ID. For this use case there is no reason to use email as key, email can be changed.
Thanks. This relieves me.
I have no idea what this is, but please please please use code-formatter tools to at least fix the indentation! :-)
Just a note:
Regarding Logon with Webfan, Login with Google Plugins:
Emails can change, so instead of linking the ra-mail to the provider-email we MUST link the provider-provider-user-id with the RA-ID!
An extra table is needed, I will write a generic OAuth Plugin instead of one Plugin for each provider...
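
The linking scheme proposed in this issue, sketched as an added example that is not part of the original thread and is not OIDplus code. It uses Python with an in-memory SQLite database; the table names, column names and function names are assumptions, and it assumes the provider only reports verified email addresses.

```python
import sqlite3

# Hypothetical schema: table and column names are assumptions, not OIDplus's.
SCHEMA = """
CREATE TABLE ra (email TEXT PRIMARY KEY);
CREATE TABLE oauth_link (
    provider         TEXT NOT NULL,
    provider_user_id TEXT NOT NULL,
    ra_email         TEXT NOT NULL REFERENCES ra(email),
    PRIMARY KEY (provider, provider_user_id)
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def resolve_login(db, provider, provider_user_id, provider_email):
    """Return the RA email that this OAuth identity logs in as."""
    row = db.execute(
        "SELECT ra_email FROM oauth_link"
        " WHERE provider = ? AND provider_user_id = ?",
        (provider, provider_user_id),
    ).fetchone()
    if row:
        # Known identity: the email the provider sends today is ignored,
        # so it cannot redirect the login to another RA.
        return row[0]
    # First login: link to the RA with the provider's email, creating it
    # if needed. Assumption: the provider has verified this address.
    with db:
        db.execute("INSERT OR IGNORE INTO ra (email) VALUES (?)", (provider_email,))
        db.execute("INSERT INTO oauth_link VALUES (?, ?, ?)",
                   (provider, provider_user_id, provider_email))
    return provider_email

def change_ra_email(db, old_email, new_email):
    """Rename an RA and move its OAuth links in one transaction."""
    with db:  # rolls back if new_email is already taken by another RA
        db.execute("INSERT INTO ra (email) VALUES (?)", (new_email,))
        db.execute("UPDATE oauth_link SET ra_email = ? WHERE ra_email = ?",
                   (new_email, old_email))
        db.execute("DELETE FROM ra WHERE email = ?", (old_email,))
```

The RA email stays the primary key of the RA, as the core expects; only the plugin's own link table knows the provider's user ID.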