question/suggestion about openid and oauth accounts

asked 2012-05-14 09:10:40 -0600

alexandros.z gravatar image

updated 2012-05-14 09:22:54 -0600

@Evgeny @Fitoria , rest of the dev team, community (It is like I am preparing my speech for Oskar awards).

I have noticed, that when a user creates an account using his google or fb account (these two I have tested) he will be redirected back to askbot where he will need to put a screen name and a valid email (that is never validated actually).

I also know that other sites that use openid and oauth mechanism, ask from users to give permission to share also their email address so the site can send them notifications.

By this way a) the user does not need to type his email again and b) the site (askbot in our case) knows that has a valid email that can send notifications.

Do you believe that following the same approach in askbot will add any value?

edit retag flag offensive close merge delete



Sounds great! Especially for the (b) part that there is no need to worry about spam when openId account is used. So maybe not much development is needed to validate accounts (as popularly requested in this post), only in case askbot credentials are used.

zaf gravatar imagezaf ( 2012-05-14 09:36:12 -0600 )edit

This is true, thank you for pointing this out

Fitoria gravatar imageFitoria ( 2012-05-14 10:55:30 -0600 )edit

Good point about email extracted from other services being most likely valid.

Evgeny gravatar imageEvgeny ( 2012-05-14 11:30:30 -0600 )edit

And I just realized that you can actually deactivate askbot login from live settings and have only external services login! So you are ensured about valid emails and you only have the trade-off some users to affraid or not trust to log in with their accounts. But avoiding spam is a good pay-off, so I would take this option..

zaf gravatar imagezaf ( 2012-05-14 16:30:17 -0600 )edit

@zaf, thanks we will indeed revive the email validation feature.

Evgeny gravatar imageEvgeny ( 2012-05-15 10:37:37 -0600 )edit