I'm thinking of adding OpenID support to BZ

Christian Robottom Reis kiko at async.com.br
Mon Jun 27 18:14:52 UTC 2005


On Mon, Jun 27, 2005 at 02:47:41AM -0700, Rob Lanphier wrote:
> I'm thinking of writing an OpenID (http://openid.net) auth plugin for
> BZ, but I should first put a big disclaimer on it.  I'm neither an
> expert on BZ nor OpenID development, and my Perl is rusty.

This isn't likely to be a problem -- my first line of Perl was a patch
to Bugzilla, many years ago. Be sure to base yourself off CVS HEAD.

> *  I'm thinking of using Auth/Login/CGI as a starting point, leveraging
> Auth/Login/CGI/Cookie as close to "as is" as possible.

Yeah, Cookie shouldn't need to be touched, hopefully. Look at the LDAP
and environment auth code for examples of how auth systems work.

> *  I'm not sure how to approach IDs.  A URI is a valid identifier, and
> can take different forms.  For example, my LiveJournal ID can be
> "robla.livejournal.com" or "livejournal.com/users/robla" or
> "http://livejournal.com/users/robla".   Note that none of these are
> "robla at livejournal.com".  So, I'm wondering how best to approach this:
> 
> b.  Still require a mailing address, but auth against the OpenID server,
> and store the OpenID information in a new field in the database

This is probably the most workable solution; Bugzilla assumes an email
address is the login in a number of places, and while that is
suboptimal, we want this done before Christmas 2009. I'm not entirely
sure what the content of this other field would be -- but I'm unfamiliar
with OpenID and that might explain why. At any rate I understand why
it's important. I just think that one of the existing auth mechanisms
has a similar problem, but maybe not.

Take care,
--
Christian Robottom Reis | http://async.com.br/~kiko/ | [+55 16] 3376 0125
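
Added example (not part of the original message and not Bugzilla code): a Python sketch of option (b), where the login stays an e-mail address and the OpenID URL lives in a separate unique column. The table and column names, the sample e-mail addresses, and the simplified normalisation rules are assumptions made for illustration.

```python
import sqlite3
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize_openid(identifier):
    """Canonicalise an OpenID URL. Simplified rules (an assumption of this
    example): default to http, lowercase scheme and host, drop the fragment."""
    ident = identifier.strip()
    if "://" not in ident:
        ident = "http://" + ident
    parts = urlsplit(ident)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("not an HTTP(S) identifier: %r" % identifier)
    host = parts.hostname.lower()
    if parts.port and parts.port != DEFAULT_PORTS[scheme]:
        host += ":%d" % parts.port
    return urlunsplit((scheme, host, parts.path or "/", parts.query, ""))

def make_db():
    db = sqlite3.connect(":memory:")
    # Hypothetical table: login_name is still the e-mail address; openid_url is
    # the new field, UNIQUE so one identifier can never map to two accounts.
    db.execute("CREATE TABLE profiles ("
               "login_name TEXT PRIMARY KEY, openid_url TEXT UNIQUE)")
    return db

def link_openid(db, login_name, verified_identifier):
    """Store the identifier the OpenID server vouched for, not raw form input."""
    with db:
        db.execute("INSERT INTO profiles VALUES (?, ?)",
                   (login_name, normalize_openid(verified_identifier)))

def login_for_openid(db, verified_identifier):
    """Return the e-mail login linked to a verified identifier, or None."""
    row = db.execute("SELECT login_name FROM profiles WHERE openid_url = ?",
                     (normalize_openid(verified_identifier),)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()  # sample data below is constructed
    link_openid(db, "robla@example.com", "http://livejournal.com/users/robla")
    for typed in ("livejournal.com/users/robla", "robla.livejournal.com"):
        print(typed, "->", login_for_openid(db, typed))
```

The subdomain form normalises to a different URL than the path form, so string normalisation alone does not merge them; the lookup has to use whichever identifier the OpenID server actually verified.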


