[openstreetmap/openstreetmap-website] Proposal: Seamless Sign-On for OpenStreetMap users from 3rd party apps (Issue #4128)
Tom Hughes
notifications at github.com
Wed Aug 2 16:57:21 UTC 2023
On email addresses I think I was a bit mistaken in what I wrote before.
We always take the address from third party providers, assuming that the omniauth plugin gives us one.
What we don't always do is skip validation of the address - we originally only did that google on the grounds that a google account and a gmail address are directly connected so if the user has authenticated the email must be valid.
I was at some point persuaded to extend that to Facebook but I really don't think we should have done because they only know that it was valid at some point in the past.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/4128#issuecomment-1662594236
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/issues/4128/1662594236 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20230802/09c03da3/attachment.htm>
More information about the rails-dev
mailing list