question/suggestion about openid and oauth accounts

@Evgeny @Fitoria , rest of the dev team, community (It is like I am preparing my speech for Oskar awards).

I have noticed, that when a user creates an account using his google or fb account (these two I have tested) he will be redirected back to askbot where he will need to put a screen name and a valid email (that is never validated actually).

I also know that other sites that use openid and oauth mechanism, ask from users to give permission to share also their email address so the site can send them notifications.

By this way a) the user does not need to type his email again and b) the site (askbot in our case) knows that has a valid email that can send notifications.

Do you believe that following the same approach in askbot will add any value?

alexandros.z's avatar
asked 2012-05-14 09:10:40 -0500, updated 2012-05-14 09:22:54 -0500
edit flag offensive 0 remove flag close merge delete



Sounds great! Especially for the (b) part that there is no need to worry about spam when openId account is used. So maybe not much development is needed to validate accounts (as popularly requested in this post), only in case askbot credentials are used.

zaf's avatar zaf (2012-05-14 09:36:12 -0500) edit

This is true, thank you for pointing this out

Fitoria's avatar Fitoria (2012-05-14 10:55:30 -0500) edit

Good point about email extracted from other services being most likely valid.

Evgeny's avatar Evgeny (2012-05-14 11:30:30 -0500) edit

And I just realized that you can actually deactivate askbot login from live settings and have only external services login! So you are ensured about valid emails and you only have the trade-off some users to affraid or not trust to log in with their accounts. But avoiding spam is a good pay-off, so I would take this option..

zaf's avatar zaf (2012-05-14 16:30:17 -0500) edit

@zaf, thanks we will indeed revive the email validation feature.

Evgeny's avatar Evgeny (2012-05-15 10:37:37 -0500) edit
add a comment see more comments