On Wed, Jul 12, 2017 at 1:23 PM, Magnus Hagander <magnus@hagander.net> wrote:
I'm working on Cleaning Up Some Old Branches (TM) in the pgweb repository, and found one I did during some airport hacking that I forgot to post to people about.
It's been discussed a couple of times that we should perhaps support Google signin for community auth.
Basically, the idea behind it would be that on the login page you would both have the regular userid/password box, and also a button for "sign in with google". If somebody signs in with Google, it would automatically match it to their community account based on email address (since Google doesn't have the concept of a separate userid, and even if they did that would open up all sorts of hijacking vulnerabilities). If they didn't already have a community account, we'd offer to create one automatically and copy the main information over from the Google profile.
My implementation so far, which does the login but not the provisioning of new accounts yet, is about 50 lines of python/django and 25 lines of javascript. So it's not very difficult to do.
The bigger question is - do we *want* to do this?
I think it's a reasonable option, though it would open up debate on what else to support. GitHub springs to mind…
Would this work with @postgresql.org accounts? AFAIK they are not configured with Google services.