Get rid of usernames
Opened this issue · 3 comments
Looks like the future might hold OAuth, according to discussions with @pwalsh. A sensible first step towards making SpenDB into an OAuth consumer would be to rip user names out of the app, and use IDs instead for profile pages and the account API. People can still log in using their email, and we can later switch that to OAuth which doesn't reliably provide user names.
That's more or less correct, but, as far as OpenSpending is concerned, we still have an unresolved issue here:
We have assumed usernames would be part of the system, and part of the namespacing of packages. Though, @tryggvib raised the issue as part of the migration that current data has multiple users, which breaks the pattern of /{username}/{dataset_name}/{dataset_files} on the flat file store.
So, I suggest to hold on this for the time being: I'm not particularly keen on namespacing packages by uuid, nor on enforcing unique names for packages system wide.
Understood! So far, my sense had been that Google may be the best OAuth to go with, simply because it is so universal, and offers the option to hook into Google Docs later. I guess the usernames req puts the alternatives at using twitter or github, or running something separate (which makes a whole new project...). Or having this weird second-level dialogue, but I'd kind of like to avoid that.
I'm pretty partial to Google as OAuth provider, to get running at least. But, it has been quite interesting that each year, people pull us up on this for the Open Data Census (require evil corp. to access functionality).