Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User Accounts #34

Open
3 tasks
RichardLitt opened this issue Nov 2, 2014 · 1 comment
Open
3 tasks

User Accounts #34

RichardLitt opened this issue Nov 2, 2014 · 1 comment
Labels
architecture

Comments

@RichardLitt
Copy link
Member

A user should be able to:

  • Save & Star Papers
  • Sign in using OAuth (all the providers)
  • Access annotations persistently
@RichardLitt
Copy link
Member Author

I think that we ought to not use the standard username + password model. It is antiquated and not secure. I think, instead, that a person's email should be their username, and at the start of each new session, if a cookie isn't already stored in their browser, that we should have them get a new unique ID from their email for that session. This has the benefit of being more secure, although it does work around password managers like 1Password, which could break some users' workflows (mine included).

I think that a user also ought to be able to share annotations with another user on as a one-off link with a unique ID that allows anyone with the link to the paper (stored on our website) which has the ID can see the private annotations, and that these unique IDs should expire at some point (3 days?) but could be persistent if they are linked to an existing user account. This is a complicated use case and may belong in another issue.

What do you think, @jbenet and @adammarblestone?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
architecture
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@RichardLitt