X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/20d8557c7bff61a7ba58c85a1bfac675c840cbb7..cf1290eb464f1256aa5c12d973fff774e4f83e5e:/doc/todo/emailauth.mdwn?ds=inline diff --git a/doc/todo/emailauth.mdwn b/doc/todo/emailauth.mdwn index 4cf2e48e5..de5d2b119 100644 --- a/doc/todo/emailauth.mdwn +++ b/doc/todo/emailauth.mdwn @@ -62,7 +62,7 @@ Implementation notes: Otherwise, someone could use passwordauth to register as a username that looks like an email address, which would be confusing to possibly a security hole. Probably best to keep passwordauth and emailauth accounts - entirely distinct. + entirely distinct. Update: passwordauth never allowed `@` in usernames. * Currently, subscription to comments w/o registering is handled by passwordauth, by creating a passwordless account (making up a username, not using the email address as the username thankfully). That account can be @@ -127,8 +127,14 @@ Thoughts anyone? --[[Joey]] >>> >>> Another way to do it would be to hash the email address, >>> so the commit appears to come from ->>> `smcv ` instead of +>>> `smcv ` instead of >>> from `smcv ` - if the hash is of `mailto:whatever` >>> (like my example one) then it's compatible with >>> [FOAF](http://xmlns.com/foaf/spec/#term_mbox_sha1sum). ->>> --[[smcv]] +>>> --[[smcv]]a + +>>> Email addresses are now cloaked in commits, using foaf:mbox_sha1sum. --[[Joey]] + +Note that the implementation of this lives in [[plugins/emailauth]]. + +Also, I have found a similar system called [Portier](https://portier.github.io) that enables email-based auth but enhances it with [[plugins/openid]] connect... Maybe ikiwiki's authentication system could follow the standards set by Portier? OpenID connect discovery is particularly interesting, as it could mean that using your GMail address to login to ikiwiki would mean that you go straight to the more secure OpenID / Oauth authentication instead of relying on the slow "send email and click link" system... --[[anarcat]]