On Fri, Jul 09, 2021 at 01:03:51PM -0400, Christopher wrote:
...snip...
> I used Bugzilla as an example, but I think it goes beyond Bugzilla. It
> also affects OAuth/OpenID authentication to lists.fedoraproject.org,
> pagure.io, src.fedoraproject.org, etc. I don't want to share my
> forwarding address with any of these services, because it is subject
> to change. But, the way it seems to use my forwarding address as my
> account identifier, rather than my FAS username or @fedoraproject.org
> email, seems to force me to share it with them.

I think that's pretty unique to bugzilla. That's because for bugzilla
your email address == your account name. On all those other services
you rightly get an account that may have your email attached, but that
email could change and you would still be the same account. On bugzilla
if that email changes it changes the account entirely too. ;(

> > In the meantime we can override this for bugzilla.
> > File an infrastructure ticket for it.
>
> I have previously done that, and my Bugzilla account is my
> @fedoraproject.org alias. All that seems to be working if I log in
> with my Bugzilla username and password. Permissions and auto-watch and
> notifications all seem to work. I also can see the new text box in
> Fedora Accounts settings that shows it correctly. However, that
> doesn't allow me to log in via FAS, because Bugzilla still wants me to
> register a new account using my forwarding email address.

Ah ok, yes, if you are using our auth to log in it will (currently) use
your email address. Once we add support for verifying the 'bugzilla
email' in the account system you should be able to put your
@fedoraproject.org in there, ack the email check and it should start
sending that to bugzilla and you can log in.

> > > Every FAS account has a corresponding @fedoraproject.org email alias.
> >
> > nope, they do not.
>
> I stand corrected. However, I still think that there *should* be a
> unique identifier that isn't as volatile as a forwarding email
> address, for the purposes of authenticating to FAS using OAuth, and it
> seems like it makes the most sense to have it based on the FAS user
> name, and not some field that the user can change in their FAS
> account.

Again, I think this is particular to bugzilla. Most apps use account
name.

> > > Also, why doesn't the FAS OAuth login redirect page show the password
> > > and 2FA fields separately, like on the Fedora Accounts
> > > (accounts.fedoraproject.org) page? It would be much nicer on password
> > > managers, which are easily confused into thinking you've changed your
> > > password every time you manually append the 2FA code to the password.
> >
> > This is also being worked on. It turns out to be a lot harder than we
> > first thought. Hopefully that will land soon.
>
> Okay. Thanks for your continued dedication and effort to Fedora!

Sorry this stuff is not all better yet. ;(

I do hope we can improve it all now that we have the new account system
in place.

kevin
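
Added example (not part of the original message, and not Fedora, FAS or Bugzilla code): the account-identifier difference discussed in the thread, with one relying party that uses the email address as the account name and one that keys on a stable identifier and treats email as an attribute. The claim names iss/sub/email follow OpenID Connect and are an assumption here; the issuer URL, username and addresses are constructed.

```python
# Added illustration; not Fedora, FAS or Bugzilla code.
# Claim names (iss, sub, email) follow OpenID Connect; all values are constructed.

class EmailKeyedApp:
    """Relying party where the email address *is* the account name."""
    def __init__(self):
        self.accounts = {}          # email -> account id

    def login(self, claims):
        key = claims["email"].lower()
        return self.accounts.setdefault(key, f"acct-{len(self.accounts) + 1}")


class SubjectKeyedApp:
    """Relying party keyed on (issuer, subject); email is only an attribute."""
    def __init__(self):
        self.accounts = {}          # (iss, sub) -> account record

    def login(self, claims):
        key = (claims["iss"], claims["sub"])
        acct = self.accounts.setdefault(
            key, {"id": f"acct-{len(self.accounts) + 1}", "email": None})
        acct["email"] = claims["email"]   # refresh the contact address on each login
        return acct["id"]


def demo():
    before = {"iss": "https://idp.example", "sub": "jdoe",
              "email": "jdoe@old-mail.example"}
    # Same person after changing the forwarding address at the identity provider.
    after = dict(before, email="jdoe@new-mail.example")

    results = {}
    for app in (EmailKeyedApp(), SubjectKeyedApp()):
        results[type(app).__name__] = (app.login(before), app.login(after))
    return results


if __name__ == "__main__":
    for name, (first, second) in demo().items():
        print(f"{name}: {first} -> {second} (same account: {first == second})")
```

In the email-keyed application the changed address maps to a second account with none of the first one's permissions or history; in the subject-keyed one the login lands on the same account and only the stored address changes.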