X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/804144402bd6b3b52b3e38aff7cc0812ac1ba0c8..be8a28e1e5816d42f6500e9f7049d223333eac3b:/doc/todo/emailauth.mdwn diff --git a/doc/todo/emailauth.mdwn b/doc/todo/emailauth.mdwn index 357a4ad9b..de5d2b119 100644 --- a/doc/todo/emailauth.mdwn +++ b/doc/todo/emailauth.mdwn @@ -127,8 +127,14 @@ Thoughts anyone? --[[Joey]] >>> >>> Another way to do it would be to hash the email address, >>> so the commit appears to come from ->>> `smcv ` instead of +>>> `smcv ` instead of >>> from `smcv ` - if the hash is of `mailto:whatever` >>> (like my example one) then it's compatible with >>> [FOAF](http://xmlns.com/foaf/spec/#term_mbox_sha1sum). ->>> --[[smcv]] +>>> --[[smcv]]a + +>>> Email addresses are now cloaked in commits, using foaf:mbox_sha1sum. --[[Joey]] + +Note that the implementation of this lives in [[plugins/emailauth]]. + +Also, I have found a similar system called [Portier](https://portier.github.io) that enables email-based auth but enhances it with [[plugins/openid]] connect... Maybe ikiwiki's authentication system could follow the standards set by Portier? OpenID connect discovery is particularly interesting, as it could mean that using your GMail address to login to ikiwiki would mean that you go straight to the more secure OpenID / Oauth authentication instead of relying on the slow "send email and click link" system... --[[anarcat]]