[openstreetmap/openstreetmap-website] Add allow_read_email oauth permission (#1431)
notifications at github.com
Wed Feb 8 22:58:41 UTC 2017
My main concern here is that I suspect our UI around permissions is not good enough - for example I don't think we allow users to control what permissions they grant do we? They have to either accept or reject whatever the application asks for?
Certainly before we can allow this we need to be absolutely sure that the users are entirely clear that they are consenting to reveal this.
What's the use case for this anyway? It strikes me that this is really of interest when using OAuth as an authentication mechanism, which we have always considered out of scope - our OAuth implementation was intended to allow users access to OSM rather than to allow other sites to authenticate against our user database.
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the rails-dev