Kiran Jonnalagadda
Unlike #91, which proposes merging Organization and Team with User to form a new Principal model, this one proposes eliminating the two models entirely. In the course of discussing #91,...
Views that use `load_models` should be migrated to using the far more efficient `ModelView`. This applies (at least) to the organization management views, where querying by `Organization.name` generates a grossly...
Client apps should have a contact email address for support issues (if, say, an API is changing and we need to notify the app's owner). Since apps can be owned...
Slack (the collaboration tool) offers an option to sign in via an emailed access link if the password is too long or complicated to type on the mobile app. This...
Login beacon
Sites are often out of sync with Lastuser w.r.t the user's logged in state. The user may be logged into the site but not the app or vice versa. The...
We've missed an aspect of the OAuth 2.0 spec, these special redirect URIs: * `urn:ietf:wg:oauth:2.0:oob` * `urn:ietf:wg:oauth:2.0:oob:auto` Details at https://developers.google.com/api-client-library/python/auth/installed-app#choosingredirecturi Lastuser should implement support for these, and the native Android...
Since #69 we've used SHA256 for client credentials. The rationale offered in b000a5057a65fc5eff146ffde6c9a7968e020616 and 8d361caeed4f70766eee09f0f8607a0a361dc366 (in January 2015): > We use unsalted SHA256 instead of a salted hash or a...
We occasionally receive support requests stating something is not working for a user, _or_ sometimes we have to set up an account on behalf of a user (such as a guest...
Merging users currently overrides all records of one user. This process is irreversible. However, merging should be undoable, so it needs to keep a record of what changed. This may...
The `UserEmail` model should have a `verified_at` or `active_at` datetime field that records the last time a message sent to this address was opened (especially if it's an explicit probe...