Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support authentication with aditional identity providers (Github, Twitter, Google Accounts) #7

Open
harobed opened this issue Jun 19, 2014 · 4 comments
Open

Support authentication with aditional identity providers (Github, Twitter, Google Accounts) #7

harobed opened this issue Jun 19, 2014 · 4 comments

Comments

@harobed
Copy link

harobed commented Jun 19, 2014

Append Github Account support.
@wrr
Copy link
Owner

wrr commented Jun 19, 2014

Hi @harobed ,

Can you clarify what you mean by 'Github Account support'? The project already uses GitHub issues for reporting problems and opening feature requests is this what you had in mind or something else?

Thank you

@harobed
Copy link
Author

harobed commented Jun 19, 2014

I speak about append Auth with github account additionally to persona.

@wrr wrr changed the title Append Github Account support Support authentication with aditional identity providers (Github, Twitter, Google Accounts) Jun 20, 2014
@wrr
Copy link
Owner

wrr commented Jun 20, 2014

Thank you for the clarification.

Currently there are no plans to support methods of authentication other than Persona. The problem is that supporting several ways to authenticate will make managing permissions difficult and login experience confusing. Say I have a wwwhisper protected site, and I grant a user permission to access the site using her GitHub account. The user opens a link to the site and sees several login options: Persona, Twitter, GitHub, etc. She may decide to use Twitter, and will get an `Access Denied' error, because with many identity systems there is no reliable way to tell that a GitHub account owner 'xyz' is the same person as a Twitter account owner 'abc'. A site admin would need to discover and specify all different identifies of a person for login to work reliably, but this would be very inconvenient.

I'll keep this issue open to track interest in this feature and discuss possible solutions, but for now I think using emails as the only ID is the best option.

This was referenced Jun 20, 2014
Closed
Closed
@xeor
Copy link

xeor commented Aug 11, 2014

I'm so glad I found wwwhisper, but so sad when I figured out it didn't have Google oauth support.

I agree that implementing this can be a pain, however, I think most of the cases you would want either method A or method B. A nice workaround for the implementation problem would then be to only support 1 authentication method at a time. I would only support Google oauth, not anything else.

I guess implementing support for several at the time doesn't need to be that complicated either. People needs to keep track of their account themself. Thats how every other sites does this. Maybe people can link them together if you want it really hi-tech..

I do think wwwishper really have a good potential, but it needs 3rd party login possibilities.. What if I want ldap, basic_auth, or maybe authenticate people a cookie sat on the top level domain. The authentication methods should optimal be pluggable. I would at least create a couple of plugins to support different authentication methods..

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@harobed @xeor @wrr