Codeberg-e.V./registration-server
15
21
Fork
You've already forked registration-server
20

Use OAuth from Codeberg.org for linking user account and confirming email address #86

Open
opened 2024年01月20日 20:43:22 +01:00 by fnetX · 5 comments
Owner
Copy link

Currently, the software causes the following problems:

  • users manually have to ask to be added to the Codeberg-e.V. organization within Codeberg itself, resulting in moderate repeated effort on our side
  • there is no verification of the email address, and people can become member with an incorrect one (either paying or not), this happens from time to time
  • there is no feedback on the status of the application (accepted or not)

One solution to rule 1 & 2, and partly 3 could look like this:

The reg-server requires an active Codeberg.org account through OAuth. This ensures the email address is valid.
There is a checkbox that allows to link the Codeberg account, and sets a field for the Codeberg username, which is available via OAuth.
Optional: The user is automatically added to a "Pending" Team in Codeberg-e.V. which makes it easier to spot who has signed up recently. Once confirmed, the user is moved to the correct "Members" team, indicating the application was accepted.

Currently, the software causes the following problems: - users manually have to ask to be added to the Codeberg-e.V. organization within Codeberg itself, resulting in moderate repeated effort on our side - there is no verification of the email address, and people can become member with an incorrect one (either paying or not), this happens from time to time - there is no feedback on the status of the application (accepted or not) One solution to rule 1 & 2, and partly 3 could look like this: The reg-server requires an active Codeberg.org account through OAuth. This ensures the email address is valid. There is a checkbox that allows to link the Codeberg account, and sets a field for the Codeberg username, which is available via OAuth. Optional: The user is automatically added to a "Pending" Team in Codeberg-e.V. which makes it easier to spot who has signed up recently. Once confirmed, the user is moved to the correct "Members" team, indicating the application was accepted.
Owner
Copy link

This could all be solved quite easily by making a Codeberg account mandatory to become a member. Do we actually want this though? I personally think that it makes sense.

If we say a Codeberg account is optional for members, or one account can be used by multiple members (maybe relevant with organizations as members?), we have a lot more to think about.

This could all be solved quite easily by making a Codeberg account mandatory to become a member. Do we actually want this though? I personally think that it makes sense. If we say a Codeberg account is optional for members, or one account can be used by multiple members (maybe relevant with organizations as members?), we have a lot more to think about.
Contributor
Copy link

Since active member already requires a Codeberg account we could enforce that through OAuth. For supporting member it can be optional.

I think allowing self-managed multiple members could cause a confidentiality issue. Perhaps if there is a membership portal then a member could submit request to link multiple Codeberg accounts to one membership.

Since active member already requires a Codeberg account we could enforce that through OAuth. For supporting member it can be optional. I think allowing self-managed multiple members could cause a confidentiality issue. Perhaps if there is a membership portal then a member could submit request to link multiple Codeberg accounts to one membership.

Since active member already requires a Codeberg account we could enforce that through OAuth.

That would be a nice-to-have. CC: @ashimokawa

> Since active member already requires a Codeberg account we could enforce that through OAuth. That would be a nice-to-have. CC: @ashimokawa
Member
Copy link

After this is done, an extra improvement would be being able to login with the Codeberg account and see what kind of membership one has and request a change.

After this is done, an extra improvement would be being able to login with the Codeberg account and see what kind of membership one has and request a change.

@kbruen wrote in #86 (comment):

After this is done, an extra improvement would be being able to login with the Codeberg account and see what kind of membership one has and request a change.

Also to change other details, such as IBAN/BIC, mail address, and to get billing information. But would require significant development (with security issues to ensure privacy).

@kbruen wrote in https://codeberg.org/Codeberg-e.V./registration-server/issues/86#issuecomment-18994904: > After this is done, an extra improvement would be being able to login with the Codeberg account and see what kind of membership one has and request a change. Also to change other details, such as IBAN/BIC, mail address, and to get billing information. But would require significant development (with security issues to ensure privacy).
Sign in to join this conversation.
No Branch/Tag specified
main
translations
refactor
legacy
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.0.0
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
6 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
Codeberg-e.V./registration-server#86
Reference in a new issue
Codeberg-e.V./registration-server
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?