[openstreetmap/openstreetmap-website] Add MAPS.ME authentication (#1433)

[Paul Norman]

I had this typed out last night but forgot to hit post

-----

> What I forgot to mention is that e-mail addresses from passport.maps.me are considered verified

After reviewing the discussion here, 👎 to this, and we probably need to review what we're doing for other providers. I'd be comfortable skipping verification for Google for gmail emails because Google is the email provider there. In a case like this, or Google with a non-gmail email, I'm not comfortable with it and think we need to verify.

Most of the discussion so far has been about emails, but we need to be sure that we're satisfied that adding them is a good idea. In particular, we should check that

- [ ] we want to add them as a provider
- [ ] the alternate authorization workflow with the access token is sane
- [ ] their usage policy allows us to use them as an an authentication service

What else needs deciding?

I think this would be the first authentication service that is not a general-purpose identity provider.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/1433#issuecomment-284514375
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20170306/343cf444/attachment.html>