Re: Google signin

On Wed, Jul 12, 2017 at 2:30 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:

>
>
> On Wed, Jul 12, 2017 at 1:23 PM, Magnus Hagander <magnus(at)hagander(dot)net>
> wrote:
>
>> I'm working on Cleaning Up Some Old Branches (TM) in the pgweb
>> repository, and found one I did during some airport hacking that I forgot
>> to post to people about.
>>
>> It's been discussed a couple of times that we should perhaps support
>> Google signin for community auth.
>>
>> Basically, the idea behind it would be that on the login page you would
>> both have the regular userid/password box, and also a button for "sign in
>> with google". If somebody signs in with Google, it would automatically
>> match it to their community account based on email address (since Google
>> doesn't have the concept of a separate userid, and even if they did that
>> would open up all sorts of hijacking vulnerabilities). If they didn't
>> already have a community account, we'd offer to create one automatically
>> and copy the main information over from the Google profile.
>>
>> My implementation so far, which does the login but not the provisioning
>> of new accounts yet, is about 50 lines of python/django and 25 lines of
>> javascript. So it's not very difficult to do.
>>
>> The bigger question is - do we *want* to do this?
>>
>
> I think it's a reasonable option, though it would open up debate on what
> else to support. GitHub springs to mind...
>
>
Or facebook. Or twitter. Or Microsoft. Or whatnot.

But of all of them to pick, Google is probably the best one to start with
at least, given the largest coverage (at least of people who are willing to
use it for this).

I wouldn't object to supporting others as well, but it's not part of what
I've hacked on so far :)

--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>