From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org> |
Cc: | Dave Page <dpage(at)pgadmin(dot)org>, PostgreSQL WWW <pgsql-www(at)postgresql(dot)org> |
Subject: | Re: Google signin |
Date: | 2017-07-12 14:27:57 |
Message-ID: | CABUevExvPOspav0rRAMzUY3aZYN5=42DbF8anfzF4oOE+O8JCA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-www |
On Wed, Jul 12, 2017 at 4:16 PM, Jonathan S. Katz <jkatz(at)postgresql(dot)org>
wrote:
>
> On Jul 12, 2017, at 8:30 AM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>
>
>
> On Wed, Jul 12, 2017 at 1:23 PM, Magnus Hagander <magnus(at)hagander(dot)net>
> wrote:
>
>> I'm working on Cleaning Up Some Old Branches (TM) in the pgweb
>> repository, and found one I did during some airport hacking that I forgot
>> to post to people about.
>>
>> It's been discussed a couple of times that we should perhaps support
>> Google signin for community auth.
>>
>> Basically, the idea behind it would be that on the login page you would
>> both have the regular userid/password box, and also a button for "sign in
>> with google". If somebody signs in with Google, it would automatically
>> match it to their community account based on email address (since Google
>> doesn't have the concept of a separate userid, and even if they did that
>> would open up all sorts of hijacking vulnerabilities). If they didn't
>> already have a community account, we'd offer to create one automatically
>> and copy the main information over from the Google profile.
>>
>> My implementation so far, which does the login but not the provisioning
>> of new accounts yet, is about 50 lines of python/django and 25 lines of
>> javascript. So it's not very difficult to do.
>>
>> The bigger question is - do we *want* to do this?
>>
>
> I think it's a reasonable option, though it would open up debate on what
> else to support. GitHub springs to mind…
>
>
> Would this work with @postgresql.org accounts? AFAIK they are not
> configured with Google services.
>
>
You can create a Google account with your @postgresql.org email address.
You just can't use it to receive email, but other things works.
That said, this is not intended to *replace* the username/password login
part, it would be ina ddition to it.
--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
From | Date | Subject | |
---|---|---|---|
Next Message | Magnus Hagander | 2017-07-12 14:31:51 | Re: Google signin |
Previous Message | Greg Stark | 2017-07-12 14:16:40 | Re: Google signin |