On Fri, Jul 9, 2021 at 11:44 AM Kevin Fenzi <kevin@xxxxxxxxx> wrote: > > On Fri, Jul 09, 2021 at 11:13:19AM -0400, Christopher wrote: > > Why does FAS use the email forwarding address when I use it to > > authenticate, rather than the permanent @fedoraproject.org alias for > > the address? > > Because only "contributors" (ie, people in at least one non cla group) > have @fedoraproject.org aliases. Ah, I forgot about this. Maybe this should be reconsidered, but either way, this was my misunderstanding. Sorry, and thanks for reminding me. > > > I should be able to change my forwarding address without changing how > > authentication works. However, it looks like if I change my forwarding > > address, then try to use FAS to log in to Bugzilla, it would tell me > > that there is no account for <forwarding address> and asks if I want > > to register. This currently happens when I try to log in with FAS, > > because I registered my bugzilla account using my > > ctubbsii@xxxxxxxxxxxxxxxxx alias instead. Obviously, I don't want to > > create a new account if I change my forwarding address. I can't > > imagine ever wanting to authenticate using my forwarding address, > > rather than my Fedora alias for accessing Fedora systems, because my > > forwarding address is subject to change. > > We are working on this with the new account system. It has a 'bugzilla > email address' field. However, we need to put in place verification of > those addresses before we enable it on our side/in bugzilla. > Once thats there you should be able to put your fedoraproject.org > address in there. I used Bugzilla as an example, but I think it goes beyond Bugzilla. It also affects OAuth/OpenID authentication to lists.fedoraproject.org, pagure.io, src.fedoraproject.org, etc. I don't want to share my forwarding address with any of these services, because it is subject to change. But, the way it seems to use my forwarding address as my account identifier, rather than my FAS username or @fedoraproject.org email, seems to force me to share it with them. > > In the mean time we can override this for bugzilla. > File a infrastructure ticket for it. I have previously done that, and my Bugzilla account is my @fedoraproject.org alias. All that seems to be working if I log in with my Bugzilla username and password. Permissions and auto-watch and notifications all seem to work. I also can see the new text box in Fedora Accounts settings that shows it correctly. However, that doesn't allow me to log in via FAS, because Bugzilla still wants me to register a new account using my forwarding email address. > > > > Every FAS account has a corresponding @fedoraproject.org email alias. > > nope, they do not. > I stand corrected. However, I still think that there *should* be a unique identifier that isn't as volatile as a forwarding email address, for the purposes of authenticating to FAS using OAuth, and it seems like it makes the most sense to have it based on the FAS user name, and not some field that the user can change in their FAS account. > > Also, why doesn't the FAS OAuth login redirect page show the password > > and 2FA fields separately, like on the Fedora Accounts > > (accounts.fedoraproject.org) page? It would be much nicer on password > > managers, which are easily confused into thinking you've changed your > > password every time you manually append the 2FA code to the password. > > This is also being worked on. It turns out to be a lot harder than we > first thought. Hopefully that will land soon. Okay. Thanks for your continued dedication and effort to Fedora! > > kevin > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx > Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
