Allow client apps to create user accounts

[justinanderson]

Via a new API endpoint. Useful for apps that want to store user data in DataHub without needing users to create a DataHub account, know that their data is in DataHub, or even know what DataHub is. If those users want to control their data at a future date, they can claim ownership of the account by virtue of email address control.

• Should generate random usernames and passwords.
• Client apps should be able to suggest a desired username, but may not get it.
• If those users visit DataHub directly, they should be able to claim that account via a password reset email. There should also be an API endpoint for generating those emails on behalf of the user.

All accounts will still require an email address so that users can gain access to their account regardless of the client app's help.

[karger]

This API would certainly be useful. But I don't think there's a need to
generate random usernames. We need a UID on datahub (which doesn't need
to be random) but a given application could decide to associate its own
usernames with that UID. Datahub could store the association between
(app-specific) usernames and UIDs. In a sense, username is a front-end
concept. In datahub we probably want to associate UID with an email
address to let the user claim it later, but we don't have to force the
username to be the email address either. And in general I think it will
be good to let people have different usernames on different applications.

Not sure it is part of this issue, but when we do let individual apps
create accounts for users, we need to make sure that the app can only
access data that the user creates with that app, and not that the user
has created with other apps. The app should create/access tables that
are associated with itself, through some app-specific key or secret, and
other apps shouldn't be able to access that data unless the user gives
explicit permission.

It would be great if this could all work with a pure javascript
app---ie, I set up some tables and a user directory on datahub that are
associated with a particular web domain, and the js app on that domain
is able to create user accounts for that domain....

On 7/29/2016 2:57 PM, Justin Anderson wrote:

Via a new API endpoint. Useful for apps that want to store user data
in DataHub without needing users to create a DataHub account, know
that their data is in DataHub, or even know what DataHub is. If those
users want to control their data at a future date, they can claim
ownership of the account by virtue of email address control.

• Should generate random usernames and passwords.
• Client apps should be able to suggest a desired username, but may
  not get it.
• If those users visit DataHub directly, they should be able to
  claim that account via a password reset email. There should also
  be an API endpoint for generating those emails on behalf of the user.

All accounts will still require an email address so that users can
gain access to their account regardless of the client app's help.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#173, or mute the thread
https://github.com/notifications/unsubscribe-auth/ABFpXn-BiPEVedlQ-M3RDqFO5eRmlmPWks5qak0agaJpZM4JYecD.