On Mon, Apr 2, 2012 at 11:04 PM, Donald Stufft <donald.stu...@gmail.com> wrote:

>  Identity doesn't have anything to do with automatically dispatching
> users. All it is is a unique identifier. That's all this proposal honestly
> enforces that your users have. Some single piece of identifiable data that
> can be used to differentiate. This could be a username, or an email
> address. It could be a random string. Anything you want.
>
> In your example you might have a TwitterProfile that provides 2 fields,
> "authenticated_by_twitter" and "twitter username". Then if you want to
> check how a person authenticated to your site, you'd merely check if
> user.data["authenticated_by_twitter"] was True. The identifier doesn't need
> to have that data codified in it, (but it could!) and I honestly do not
> think the statement "all users must have 1 single string of any length that
> uniquely identifies them" is that big of a burden.
>

Perhaps I am more pessimistic than you, but I think it will quickly get out
of hand. I mean, what reasonable developer would look at the user model as
Jacob proposes, and wouldn't at least consider, "Well, I could make my own
profile and ask everyone to add my app to AUTH_PROFILES and be magically
joined on all User queries, or I could use the arbitrary length
guaranteed-unique varchar to encode a whole mess of Twitter credentials. I
think I will choose option #2?"

Then as soon as everyone does that and Facebook, Twitter, BrowserID, and
plain emails all share the same namespace, we open up the same whole can of
worms that we get with cache keys, except now failures to manage things
properly manifest themselves as security holes in basic authentication
instead of cache collisions.

Best,
Alex Ogier

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com.
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en.
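
The shared-namespace concern raised in the reply above, as an added sketch that is not part of the original message and is not Django code. The store classes, the "local" and "twitter" provider names and the sample identities are all hypothetical and constructed for illustration.

```python
"""Constructed illustration; class and provider names are hypothetical, not Django APIs."""


class FlatIdentifierStore:
    """Every backend writes into one unique string column."""

    def __init__(self):
        self._accounts = {}  # identifier string -> account id

    def login(self, provider, subject):
        # The provider that vouched for `subject` is not part of the key.
        return self._accounts.setdefault(subject, len(self._accounts) + 1)


class AdHocPrefixStore(FlatIdentifierStore):
    """Apps prefix their own identifiers by hand, as with cache keys."""

    def login(self, provider, subject):
        # The "local" backend stores raw usernames; others concatenate a prefix.
        ident = subject if provider == "local" else f"{provider}:{subject}"
        return self._accounts.setdefault(ident, len(self._accounts) + 1)


class NamespacedStore:
    """Key is the (provider, subject) pair, never a concatenated string."""

    def __init__(self):
        self._accounts = {}

    def login(self, provider, subject):
        return self._accounts.setdefault((provider, subject), len(self._accounts) + 1)


def same_account(store, first, second):
    """True when two (provider, subject) logins resolve to one account."""
    return store.login(*first) == store.login(*second)


# Constructed sample identities.
TWITTER_ALICE = ("twitter", "alice")
LOCAL_ALICE = ("local", "alice")
LOCAL_LOOKALIKE = ("local", "twitter:alice")

if __name__ == "__main__":
    print(same_account(FlatIdentifierStore(), TWITTER_ALICE, LOCAL_ALICE))   # True
    print(same_account(AdHocPrefixStore(), TWITTER_ALICE, LOCAL_LOOKALIKE))  # True
    print(same_account(NamespacedStore(), TWITTER_ALICE, LOCAL_LOOKALIKE))   # False
```

Hand-rolled prefixes only move the collision: the structured key keeps the provider out of any string a user can choose.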
