On 2/6/2014 5:02 AM, Stian Thorgersen wrote:
> A user should have an id, username and email (what we have now). The
> id should be generated by the server and should never change for a
> user. The sub field in the token should use this id, not the username.
> Applications that want to store information associated with a specific
> user should also use this id, not the username or email, as the id
> will never change.
>
> That means it should be possible for a user to change his/her
> username. Obviously a username has to be unique within a realm. We
> should then allow a user to log in with either their username or their
> password. When a user is able to log in with their username we can also
> remove the forgot username option on the login form, and only have a
> forgot password option.
>
> This would also help integration with social login as now we don't
> have to try to create a sensible username for a user on social login.
> Instead we create a generated id, and don't even set a username. A
> user can then set the username they want through the account
> management (or on the update profile action page if that option is
> enabled).
>
> If there are no objections to this, I'd like to add these changes to
> alpha2.

Ugh, this is just a nasty change. Usernames will rarely, if ever,
change and I don't like the idea that users can change their username.
A principal name of "bill" is much more coherent than
"2341235234234-234123-234123-2341234".

I want to ping the jboss.org guys and see if they allow changing or
setting usernames for their social login or how they handle that
scenario.

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
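
An added example, not part of either message and not Keycloak code: a toy realm that follows the quoted proposal (server-generated id in `sub`, username unique per realm and changeable), showing what happens to application data keyed by `sub` versus by username after a rename. The `Realm` class, its methods, the sample users and the use of the OIDC `preferred_username` claim are assumptions made for illustration.

```python
import uuid


class Realm:
    """Toy in-memory user store (hypothetical; not Keycloak's data model)."""

    def __init__(self):
        self.users = {}        # id -> {"username": ..., "email": ...}
        self.by_username = {}  # username -> id, unique within the realm

    def add_user(self, email, username=None):
        if username in self.by_username:
            raise ValueError("username already taken in this realm")
        user_id = str(uuid.uuid4())  # server-generated, never changes
        self.users[user_id] = {"username": None, "email": email}
        if username is not None:
            self.set_username(user_id, username)
        return user_id

    def set_username(self, user_id, username):
        if self.by_username.get(username, user_id) != user_id:
            raise ValueError("username already taken in this realm")
        self.by_username.pop(self.users[user_id]["username"], None)
        self.users[user_id]["username"] = username
        self.by_username[username] = user_id

    def token_claims(self, user_id):
        # "sub" carries the immutable id; the username is display data only.
        return {"sub": user_id,
                "preferred_username": self.users[user_id]["username"]}


def demo():
    realm = Realm()
    alice = realm.add_user("alice@example.test", "alice")  # constructed sample user
    claims = realm.token_claims(alice)
    by_sub = {claims["sub"]: "alice's data"}                  # app store keyed by id
    by_name = {claims["preferred_username"]: "alice's data"}  # app store keyed by name

    realm.set_username(alice, "alice2")          # user renames herself
    other = realm.add_user("bob@example.test")   # social login, no username yet
    realm.set_username(other, "alice")           # freed name is taken by someone else

    a, b = realm.token_claims(alice), realm.token_claims(other)
    return {"renamed_user_by_sub": by_sub.get(a["sub"]),
            "renamed_user_by_name": by_name.get(a["preferred_username"]),
            "new_user_by_sub": by_sub.get(b["sub"]),
            "new_user_by_name": by_name.get(b["preferred_username"])}
```

The application store keyed by `sub` still resolves the renamed user's record and nothing for the second user; the store keyed by username loses the record for the renamed user and hands it to whoever holds the old name.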